mod_sesehe SEcure SErver HEader 1.0 review
Downloadmod_sesehe SEcure SErver HEader is an Apache module that disguise or remove "Server: " HTTP header. The ServerTokens directive curre
|
|
mod_sesehe SEcure SErver HEader is an Apache module that disguise or remove "Server: " HTTP header.
The ServerTokens directive currently can at best be set to Prod, which will cause apache to return "Apache" as Server header. Some problem still occurs:
First, the level of security by obscurity of this directive is not acceptable by some people that just want to change it to some other value, without re-compiling Apache, or people that even want to simply drop the "Server: " header. Secondly, if apache is configured as a reverse proxy, and a malformed request is received, then it will display its own server token instead of the backend one, so we need to handle error response header.
I developed this tiny module by hijacking normal behavior of (reverse) proxy feature of Apache : i.e. even if a request is not a proxy request, I tag it as if it was, to make Apache core let me do what I want with this header.
Requirements:
Apache
mod_sesehe SEcure SErver HEader 1.0 keywords