logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache Vulnerabilities - Version 2.4.6-RHEL7
Author
sab



Joined: 03 Jun 2020
Posts: 6
Location: india

PostPosted: Wed 06 Jan '21 9:34    Post subject: Apache Vulnerabilities - Version 2.4.6-RHEL7 Reply with quote

Hi All,

we have below vulnerabilities , Please suggest

modifying the default 404 page that prevents disclosure of the apache version

Thanks
Sabarnath
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6890
Location: Germany, Next to Hamburg

PostPosted: Wed 06 Jan '21 9:37    Post subject: Reply with quote

You can create an own error page.

See https://httpd.apache.org/docs/2.4/custom-error.html
Back to top
tangent



Joined: 16 Aug 2020
Posts: 39
Location: UK

PostPosted: Wed 06 Jan '21 21:27    Post subject: Reply with quote

You might also want to add a ServerTokens setting as:
Code:
ServerTokens Prod

which will change the reported server in headers and error pages to Apache rather than Apache with full version details. See https://httpd.apache.org/docs/2.4/mod/core.html#serversignature
Back to top


Reply to topic   Topic: Apache Vulnerabilities - Version 2.4.6-RHEL7 View previous topic :: View next topic
Post new topic   Forum Index -> Apache