		| Author | Message | 
	
		| Daevon -
 
 
 Joined: 04 Jul 2009
 Posts: 21
 
 
 | 
			
				|  Posted: Wed Jun 01, 2016 10:28 pm    Post subject: Less informative HTTP Response Header |   |  
				| 
 |  
				| Hi everyone, since I've had a number of attacks lately, I'd like to make my HTTP response header less... informative (it's a known best practice after all).
 
 Currently, it is:
 Date →Wed, 01 Jun 2016 21:26:51 GMT
 Server →Abyss/2.11.1-X1-Win32 AbyssLib/2.11
 (I removed the "X-Powered-By →PHP/5.6.0" by setting "expose_php = off" in php.ini)
 
 Is there any way to remove the sensitive data (i.e. the Abyss version)?
 
 Thanks!
 |  | 
	
	
		| admin Site Admin
 
 
 Joined: 03 Mar 2002
 Posts: 1347
 
 
 | 
			
				|  Posted: Tue Jun 14, 2016 2:14 pm    Post subject: Re: Less informative HTTP Response Header |   |  
				| 
 |  
				| Daevon, 
 The server header cannot be removed in X1.
 
 By the way, hiding it won't prevent attackers from knowing the type of server you're using. Each server has its behavioral "signature" that can be fairly easily inferred from a few request/response tests.
 
 That being said, the knowledge of the Web server type won't help the attacker a lot. So far, there are no known vulnerabilities in Abyss Web Server that could be exploited to do any harm.
 _________________
 Forum Administrator
 Aprelium - https://aprelium.com
 |  | 
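A small header audit for checking your own server's responses, added here as an illustration and not part of the original thread: it parses headers in either `Name: value` or the `Name →value` form quoted in the first post and lists the product/version tokens they disclose. The function names and the list of headers checked are assumptions; the sample input is constructed from the headers quoted in the first post.

```python
import re

# Headers that commonly carry software names and versions (assumed list).
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

# RFC 9110 "product/version" token, e.g. Abyss/2.11.1-X1-Win32
TCHAR = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
PRODUCT_RE = re.compile(rf"({TCHAR})/({TCHAR})")
# Accept "Name: value" and the "Name →value" form shown in the post.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*(?::|→)\s*(.*?)\s*$")


def parse_headers(raw):
    """Split a raw header dump into (name, value) pairs, skipping junk lines."""
    return [m.groups() for m in map(LINE_RE.match, raw.splitlines()) if m]


def audit_headers(raw):
    """Return (header, product, version) for every version-bearing token."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in DISCLOSURE_HEADERS:
            continue
        value = re.sub(r"\([^)]*\)", " ", value)  # drop parenthesised comments
        tokens = PRODUCT_RE.findall(value)
        if tokens:
            findings += [(name, product, version) for product, version in tokens]
        elif re.search(r"\d", value):
            # Bare version string with no product name in front of it.
            findings.append((name, "", value.strip()))
    return findings


# Constructed samples: the response before and after "expose_php = off".
BEFORE = """Date →Wed, 01 Jun 2016 21:26:51 GMT
Server →Abyss/2.11.1-X1-Win32 AbyssLib/2.11
X-Powered-By →PHP/5.6.0"""
AFTER = """Date →Wed, 01 Jun 2016 21:26:51 GMT
Server →Abyss/2.11.1-X1-Win32 AbyssLib/2.11"""

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for header, product, version in audit_headers(sample):
            print(f"  {header}: {product or '(bare)'} {version}")
```

A header that names the product without a version yields no findings here; that affects only what the header states, not the behavioural fingerprinting described in the reply above.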
	
	
		| Toasty -
 
 
 Joined: 21 Feb 2008
 Posts: 298
 Location: Chicago, IL
 
 |  | 
	