That did it! Thanks! Rick Steve McMahon wrote:
Looks like there's one line in ZServer/HTTPServer.py that does it all:
SERVER_IDENT='Zope/%s ZServer/%s' % (ZOPE_VERSION,ZSERVER_VERSION)
If you wanted to emulate the Apache production settings, you could change that to:
SERVER_IDENT='Zope'
D. Rick Anderson wrote:
I don't believe in relying on security-through-obscurity...
I couldn't agree more, but it shows up as a 'warning' in Nessus, and my boss wants it cleared up. I don't intend to 'rely' on that, but why give some dough-head out there more information than you have to? I've done it to our servers that ARE running apache with:
ServerTokens Prod
and then all they return is "Apache" without any versioning info, and if you set:
expose_php = Off
in your /etc/php.ini it won't barf out all of your PHP version information either. I just want to know how to do it in Zope. ....
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )