CentOS Apache recommended security settings ServerTokens Prod, ServerSignature Off

  For other uses, see the document Ubuntu Apache recommended security settings ServerTokens Prod, ServerSignature Off.

1 Overview

Apache ServerTokens Prod, ServerSignature Off

2 Problem

  • Check the HTTP headers
[root@zetawiki ~]# curl -I http://localhost
HTTP/1.1 200 OK
Date: Sat, 06 Sep 2014 22:17:23 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Connection: close
Content-Type: text/html; charset=UTF-8
→ The Apache version (2.2.15) and OS type (CentOS) are displayed
  • Check the 404 page
[root@zetawiki ~]# curl http://localhost/asdfasdf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /asdfasdf was not found on this server.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at localhost Port 80</address>
</body></html>
→ The Apache version (2.2.15) and OS type (CentOS) are displayed

3 Check

[root@zetawiki ~]# cat /etc/httpd/conf/httpd.conf | egrep 'ServerTokens|ServerSignature'
ServerTokens OS
ServerSignature On

4 Change

  • Preserve the Apache configuration file httpd.conf by copying it to httpd.conf_old
[root@zetawiki ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_old
[root@zetawiki ~]# sed -i "s/ServerTokens OS/ServerTokens Prod/g" /etc/httpd/conf/httpd.conf
[root@zetawiki ~]# sed -i "s/ServerSignature On/ServerSignature Off/g" /etc/httpd/conf/httpd.conf
[root@zetawiki ~]# diff /etc/httpd/conf/httpd.conf_old /etc/httpd/conf/httpd.conf
44c44
< ServerTokens OS
---
> ServerTokens Prod
536c536
< ServerSignature On
---
> ServerSignature Off
→ ServerTokens has been changed to Prod and ServerSignature to Off
  • Restart Apache to apply the new settings
[root@zetawiki ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

5 Check 2

[root@zetawiki ~]# curl -I http://localhost
HTTP/1.1 200 OK
Date: Sat, 06 Sep 2014 23:34:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Connection: close
[root@zetawiki ~]# curl http://localhost/asdfasdf
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /asdfasdf was not found on this server.</p>
</body></html>
→ The Apache version and OS type are no longer displayed in the HTTP headers or on the 404 page.
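
The sed commands in the change step only match the exact strings "ServerTokens OS" and "ServerSignature On", so a config that says "ServerTokens Full" or omits a directive is left unchanged without any error. The following is an added example, not part of the original page: it sets both directives whatever their current value, appends them when absent, and checks a block of response headers for remaining version tokens. The function names set_directive, harden and version_leaks and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).

# set_directive FILE NAME VALUE
# Force every active "NAME ..." line in FILE to "NAME VALUE", whatever its
# current value; append the directive when no active line exists.
# Commented-out lines are left alone. Directive names are case-insensitive.
set_directive() {
    file=$1; name=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v n="$name" -v v="$value" '
        tolower($1) == tolower(n) { print n " " v; found = 1; next }
        { print }
        END { if (!found) print n " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# harden FILE: apply both settings from this page (try it on a copy first).
harden() {
    set_directive "$1" ServerTokens Prod &&
    set_directive "$1" ServerSignature Off
}

# version_leaks: read response headers on stdin and print the Server and
# X-Powered-By lines that still carry a product/version token.
version_leaks() {
    tr -d '\r' | grep -Ei '^(server|x-powered-by):.*[a-z]/[0-9]'
}

# Demo on a constructed config: ServerTokens is "Full" and ServerSignature
# exists only as a comment, so the page's sed commands would change nothing.
demo_conf=$(mktemp)
printf '%s\n' 'Listen 80' 'ServerTokens Full' '#ServerSignature On' > "$demo_conf"
harden "$demo_conf"
cat "$demo_conf"
rm -f "$demo_conf"
```

Fed the headers from "5 Check 2", version_leaks still reports X-Powered-By: PHP/5.3.3; that header is emitted by PHP and is not affected by these two Apache directives.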

6 See also

7 Notes

  1. Instead of sed, you can edit the file directly with vi.
