Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, software development and Digital Asset Management, since 2002.
2002-09-18

ServerTokens Prod

The current Apache OpenSSL worm ("Linux Slapper Worm") checks the webserver version by reading the HTTP header before it attacks.

Added "ServerTokens Prod" to httpd.conf - now it says "Server: Apache", was "Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6" before.

(See the Apache documentation and FAQ.)