HTTP Header Alteration : it ain't simple

DCT Jared Smith jared at dctkc.com
Thu Feb 7 18:39:52 CST 2002


Rusty,

My bad. You can change the server header information in Apache
with the mod_headers link I posted earlier. However, you _cannot_ change
the "Date" or "Server" portions, which is what you want to change.

Fortunately, Apache is open source (or else you'd have to edit the binary,
which is simple if you know how, yet...). AFAIK, it looks like you have
to edit the source code to change the "Server" portion of the header.

A few links on Google confirmed this hunch. (Here's one example)

http://groups.google.com/groups?hl=en&selm=slrn9ujmdt.s0l.efflandt%40typhoon.xnet.com

I do want to say one thing: if you're going to this much trouble to hide
your server name, and you make a mistake, you're going to hide yourself
from the script kiddies, and turn yourself into a bright beacon to a
real hacker: He will notice the anomaly in your settings, and think "Whoa,
this guy's got something to hide. I think I'll break in."

It's part of the risk: the more secure you are, the better the hacker
who eventually breaks in.

While searching on Google, I turned up this bit for IIS, which may be
useful to you:

<snip>
In the IIS mmc, select the site, right click "properties", and in the "HTTP
Headers" tab, add a new custom header.

This new custom header name should be "SERVER" (without quotes).
The new header value can be whatever you want.
</snip>

There is also a piece of software called URLScan distributed free by
Microsoft which allows you to modify header elements in IIS.
That's all I know about it. Google for more.

> Thanks for the pointer...this looks like an advanced level tweak
> that I'll have to play with a bit.
> 
> Anyone know how to do the same in IIS?
> 
> 
> --- DCT Jared Smith <jared at dctkc.com> wrote:
> > Here are the relevant docs from the Apache site (for v2.0) :
> > 
> > http://httpd.apache.org/docs-2.0/mod/mod_headers.html#header
> > 
> > > Is there some way to alter the outgoing HTTP header to spoof
> > the
> > > type of webserver a site is running? For instance, can I
> > alter
> > > the header of an Apache server so it looks like an IIS
> > server to
> > > see what kind of attacks are launched on it?
> > > 
> > > Thanks...
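
Added example (not part of the original message, and not Apache's or Microsoft's code): a small Python self-audit for the mistake the message warns about. It checks that a response whose Server value has been changed does not still name the real product elsewhere in its headers. The sample response, the `X-Backend` header and the function names are constructed for illustration.

```python
import re

# Constructed sample: the Server value claims IIS, but a folded custom header
# (hypothetical "X-Backend") still names the real product.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 07 Feb 2002 18:39:52 GMT\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "X-Backend: web1\r\n"
    "\tApache/1.3.23 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (name, value) pairs in wire order, joining folded lines."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break                          # blank line ends the header block
        if line[0] in " \t" and pairs:     # continuation of the previous header
            name, value = pairs[-1]
            pairs[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit_banner(raw, claimed, real_tokens):
    """Return (header, problem) findings that contradict the claimed banner."""
    headers = parse_headers(raw)
    findings = []
    servers = [v for n, v in headers if n.lower() == "server"]
    if len(servers) != 1:
        findings.append(("Server", "expected one header, found %d" % len(servers)))
    elif claimed.lower() not in servers[0].lower():
        findings.append(("Server", "value %r does not match claim" % servers[0]))
    for name, value in headers:
        for token in real_tokens:
            if re.search(re.escape(token), value, re.IGNORECASE):
                findings.append((name, "still discloses %r" % token))
    return findings

if __name__ == "__main__":
    for header, problem in audit_banner(SAMPLE, "Microsoft-IIS", ["Apache"]):
        print("%s: %s" % (header, problem))
```

Run it against headers captured from your own server after changing the banner; an empty result means no header in that response contradicts the claimed value.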





