Hiding Unnecessary Response Headers Apache/PHP
One way to help protect your website/server is to not tell everyone what platform and app versions everything is running on. If you request a PHP file from my site, you will see some response headers that could be useful to people looking to break in, cause havoc, etc.
Here are the response headers from my request to aknosis.com. (I'm viewing all of this in Firebug; if you don't have it, get it. It is the best web development tool in my arsenal.)
| Date | Wed, 14 Oct 2009 05:59:59 GMT |
| Server | Apache/2.2.3 (CentOS) PHP/5.2.9 mod_ssl/2.2.3 OpenSSL/0.9.8b |
| X-Powered-By | PHP/5.2.9 |
| X-Pingback | http://www.aknosis.com/akwp/xmlrpc.php |
| Expires | Wed, 11 Jan 1984 05:00:00 GMT |
| Last-Modified | Wed, 14 Oct 2009 06:00:00 GMT |
| Cache-Control | no-cache, must-revalidate, max-age=0 |
| Pragma | no-cache |
| Vary | Accept-Encoding,User-Agent |
| Content-Encoding | gzip |
| Content-Length | 10636 |
| Keep-Alive | timeout=2, max=100 |
| Connection | Keep-Alive |
| Content-Type | text/html; charset=UTF-8 |
So if I were running a known insecure version of PHP, Apache, or any other out-of-date software exposed in the response headers, an attacker would have to look no further to determine what I am using and how best to attack me.
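To check your own server for this kind of disclosure, the following Python script (an added example, not code from the original post) parses raw response headers and lists every product/version token and OS comment found in `Server` and `X-Powered-By`. The function names are hypothetical, and the sample input is constructed from the headers in the table above.

```python
import re

# Constructed sample: a subset of the response headers shown in the table above.
SAMPLE_HEADERS = """\
Date: Wed, 14 Oct 2009 05:59:59 GMT
Server: Apache/2.2.3 (CentOS) PHP/5.2.9 mod_ssl/2.2.3 OpenSSL/0.9.8b
X-Powered-By: PHP/5.2.9
X-Pingback: http://www.aknosis.com/akwp/xmlrpc.php
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: the same response with the version details removed.
HARDENED_HEADERS = """\
Date: Wed, 14 Oct 2009 05:59:59 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
"""

# Headers from the post that advertise the software stack.
DISCLOSING = {"server", "x-powered-by"}
# Product/version tokens such as "Apache/2.2.3" or "OpenSSL/0.9.8b".
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.-]*)")
# Parenthesised comments such as "(CentOS)" name the OS or distribution.
COMMENT = re.compile(r"\(([^)]+)\)")


def parse_headers(raw):
    """Return (lower-cased name, value) pairs, keeping duplicate headers."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Return (header, product, version) findings; version is None for comments."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in DISCLOSING:
            continue
        for product, version in PRODUCT_VERSION.findall(value):
            findings.append((name, product, version))
        for comment in COMMENT.findall(value):
            findings.append((name, comment, None))
    return findings


if __name__ == "__main__":
    for header, product, version in audit(SAMPLE_HEADERS):
        print(f"{header}: discloses {product} {version or '(platform)'}")
```

An empty result from `audit()` means neither header carries a version or platform string, which is the state to aim for.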
Apache