Looks like there's one line in ZServer/HTTPServer.py that does it all: SERVER_IDENT='Zope/%s ZServer/%s' % (ZOPE_VERSION,ZSERVER_VERSION) If you wanted to emulate the Apache production settings, you could change that to: SERVER_IDENT='Zope' D. Rick Anderson wrote:
I don't believe in relying on security-through-obscurity...
I couldn't agree more, but it shows up as a 'warning' in Nessus, and my boss wants it cleared up. I don't intend to 'rely' on that, but why give some dough-head out there more information than you have to? I've done it to our servers that ARE running apache with:
ServerTokens Prod
and then all they return is "Apache" without any versioning info, and if you set:
expose_php = Off
in your /etc/php.ini it won't barf out all of your PHP version information either. I just want to know how to do it in Zope. ....