[Zope] Banner Grabbing
D. Rick Anderson
ruger at acsnv.com
Wed Oct 1 02:42:00 EDT 2003
That did it! Thanks!
Rick
Steve McMahon wrote:
> Looks like there's one line in ZServer/HTTPServer.py that does it all:
>
> SERVER_IDENT='Zope/%s ZServer/%s' % (ZOPE_VERSION,ZSERVER_VERSION)
>
> If you wanted to emulate the Apache production settings, you could
> change that to:
>
> SERVER_IDENT='Zope'
>
>
> D. Rick Anderson wrote:
>
>>
>>
>>> I don't believe in relying on security-through-obscurity...
>>
>>
>>
>> I couldn't agree more, but it shows up as a 'warning' in Nessus, and
>> my boss wants it cleared up. I don't intend to 'rely' on that, but
>> why give some dough-head out there more information than you have to?
>> I've done it to our servers that ARE running apache with:
>>
>> ServerTokens Prod
>>
>> and then all they return is "Apache" without any versioning info, and
>> if you set:
>>
>> expose_php = Off
>>
>> in your /etc/php.ini it won't barf out all of your PHP version
>> information either. I just want to know how to do it in Zope.
>> ....
>
>
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>
More information about the Zope
mailing list