[Zope] Banner Grabbing
Steve McMahon
steve at dcn.org
Tue Sep 30 20:34:10 EDT 2003

Looks like there's one line in ZServer/HTTPServer.py that does it all:

    SERVER_IDENT='Zope/%s ZServer/%s' % (ZOPE_VERSION,ZSERVER_VERSION)

If you wanted to emulate the Apache production settings, you could
change that to:

    SERVER_IDENT='Zope'

D. Rick Anderson wrote:
>
>
>> I don't believe in relying on security-through-obscurity...
>
>
> I couldn't agree more, but it shows up as a 'warning' in Nessus, and my
> boss wants it cleared up. I don't intend to 'rely' on that, but why give
> some dough-head out there more information than you have to? I've done
> it to our servers that ARE running Apache with:
>
> ServerTokens Prod
>
> and then all they return is "Apache" without any versioning info, and if
> you set:
>
> expose_php = Off
>
> in your /etc/php.ini it won't barf out all of your PHP version
> information either. I just want to know how to do it in Zope.
> ....
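
Added example, not part of the original messages and not Zope's own code: a small Python check that flags version-disclosing Server and X-Powered-By headers, for confirming that the SERVER_IDENT, ServerTokens and expose_php changes discussed above took effect. The response heads and version numbers are constructed samples, and audit_banner is a hypothetical helper name.

```python
import re

# Response headers that commonly carry product banners.
BANNER_HEADERS = {"server", "x-powered-by"}
# A product token, a slash, then a value containing a digit, e.g. "ZServer/1.1b1".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\S*\d\S*")


def audit_banner(response_head):
    """Return (header, value) pairs whose value discloses a version."""
    findings = []
    # Skip the status line; stop at the blank line that ends the headers.
    for line in response_head.splitlines()[1:]:
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS:
            value = value.strip()
            if VERSION_TOKEN.search(value):
                findings.append((name.strip(), value))
    return findings


# Constructed sample response heads; the version numbers are made up.
SAMPLES = {
    "zope default": "HTTP/1.0 200 OK\r\nServer: Zope/2.6.2 ZServer/1.1b1\r\n"
                    "Content-Type: text/html\r\n\r\n<html>Zope/9.9</html>",
    "zope trimmed": "HTTP/1.0 200 OK\r\nServer: Zope\r\n\r\n",
    "apache+php verbose": "HTTP/1.1 200 OK\r\n"
                          "Server: Apache/1.3.27 (Unix) PHP/4.3.3\r\n"
                          "X-Powered-By: PHP/4.3.3\r\n\r\n",
    # ServerTokens Prod and expose_php = Off: no version, no X-Powered-By.
    "apache prod": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        hits = audit_banner(head)
        print(label, "->", hits if hits else "no version disclosed")
```
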