Less informative HTTP Response Header

 
Daevon
-


Joined: 04 Jul 2009
Posts: 10

Posted: Wed Jun 01, 2016 10:28 pm    Post subject: Less informative HTTP Response Header

Hi Everyone,
Since I've had a number of attacks lately, I'd want to make my HTTP Response header less.. informative (it's a known best practice after all).

Currently, it is:
Date →Wed, 01 Jun 2016 21:26:51 GMT
Server →Abyss/2.11.1-X1-Win32 AbyssLib/2.11
(I removed the "X-Powered-By →PHP/5.6.0" by setting "expose_php = off" in php.ini)

Is there any way to remove the sensitive data (i.e. Abyss version)?

Thanks!
admin
Site Admin


Joined: 03 Mar 2002
Posts: 772

Posted: Tue Jun 14, 2016 2:14 pm    Post subject: Re: Less informative HTTP Response Header

Daevon,

The server header cannot be removed in X1.

By the way, hiding it won't prevent attackers from knowing the type of server you're using. Each server has its behavioral "signature" that can be fairly easily inferred from a few request/response tests.

That being said, the knowledge of the Web server type won't help the attacker a lot. So far, there are no known vulnerabilities in Abyss Web Server that could be exploited to do any harm.
_________________
Forum Administrator
Aprelium - http://www.aprelium.com
Toasty
-


Joined: 21 Feb 2008
Posts: 295
Location: Chicago, IL

Posted: Tue Dec 27, 2016 5:51 pm

Set up a reverse proxy in front of it (HAProxy, etc.) and strip the header. Multiple hosts can be configured using this as well.
_________________
Portfolio: Robert Lerner
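
The reverse-proxy approach suggested in the last reply, as an added example that is not part of the original thread or of Aprelium's documentation: a minimal HAProxy configuration that deletes the Server header from every response and routes two hosts through the same proxy. The ports, backend names and the hostname site-b.example are assumptions, and Abyss is assumed to have been moved from port 80 to 127.0.0.1:8080.

```haproxy
# Constructed example: names, ports and hostnames are placeholders.
defaults
    mode http                  # header rules are only evaluated in HTTP mode
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend public_http
    bind :80
    # Remove version-revealing headers from every response before it
    # reaches the client, whichever backend produced it.
    http-response del-header Server
    http-response del-header X-Powered-By
    # Route on the Host header so several sites share this one proxy.
    use_backend site_b if { hdr(host) -i site-b.example }
    default_backend abyss_site

backend abyss_site
    # Abyss Web Server, rebound to a loopback port (assumption).
    server abyss1 127.0.0.1:8080 check

backend site_b
    # A second site behind the same proxy (assumption).
    server web2 127.0.0.1:8081 check
```

After reloading HAProxy, a HEAD request against port 80 (for example with curl -sI) should return the Date header but no Server line; binding the backend servers to loopback keeps clients from reaching them directly and seeing the original header.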
All times are GMT + 1 Hour