apache httpd secure 하게 하기

Owned by 정광섭

Last updated: 2014-Mar-04

1 min read

Hide Server Info

서버 OS 의 종류, 버전, Web Server의 종류, 버전 숨기기

http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

httpd.conf 에 다음 내용 추가

ServerSignature On
ServerTokens  ProductOnly

다음처럼 Server: Apache Web Server 제품 정보만 출력된다.
```
Server: Apache
```
ServerTokens OS - RHEL 기본값
```
Server: Apache/2.0.41 (Unix)
```
ServerTokens Full - apache 기본값
```
Server:  Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
```

mod_header로 X-Powerd-By HTTP Header 제거

http://www.shanison.com/2012/07/05/unset-apache-response-header-protect-your-server-information/

httpd.conf

# If mod_headers module is included, we will disable the Server response header totally  
<IfModule mod_headers.c>  
  Header unset Server  
  Header unset X-Powered-By  
</IfModule>

SELinux 적용