ServerTokens Prod
The current Apache OpenSSL worm ("Linux Slapper Worm") checks the webserver version by reading the HTTP header before it attacks.
Added "ServerTokens Prod" to httpd.conf - now it says "Server: Apache", was "Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6" before.
(See the Apache documentation and FAQ.)
Filed under:
Wed, 18 Sep 2002 09:59:09 +0200
