When someone access your server from the web they may end up on a error page such as 403 and 404. The issue is having your server output what apache version and server you're running on. This can be a security the risk because if the malicious hacker knows what your working with it makes things easier for them. The way to not publish this information is to configure your apache options. On Ubuntu server 11.10 its located at /etc/apache2/conf.d/security
What needs to be changed is
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
then restart apache:
$ sudo service apache2 restart
tags:
apache dont 403 error message
apache error message hide ip address
apache error message don't publish ip
No comments:
Post a Comment