Apache 2.0.40 Server questions

groovin

Senior member
Anyone know how to remove the server signature "apache 2.0.40 Server admin@email.com port 80" (or something along those lines) from the bottom of index listings and other server-generated pages? Any way for me to edit it to say something else?

How do I password protect my site?

Finally, what are some things I should do regarding security? Basically, I want to be able to get a dir listing after entering a password... but no access to anything on the server without a password.

Thanks

Oh yeah, it's Apache running on RH8

-Apache/Linux Newbie
 
Anyone know how to remove the server signature "apache 2.0.40 Server admin@email.com port 80" (or something along those lines) from the bottom of index listings and other server-generated pages? Any way for me to edit it to say something else?

Inside /etc/httpd/conf/httpd.conf there is a directive called ServerSignature. It is turned on by default. This will control the presence of that signature.

How do I password protect my site?

You can password protect directories using .htaccess files.

Finally, what are some things I should do regarding security? Basically, I want to be able to get a dir listing after entering a password... but no access to anything on the server without a password.

You should utilize .htaccess files, keep your .htpasswd files in safe locations on the server -- disable directory listings entirely. Utilizing SSL when authenticating anywhere on your site (even if you're using the default localhost key) is highly recommended.

Advice in this type of setup is entirely dependent on what you intend on doing with it.
 
Thanks N11, I tried ServerSignature already and it didn't seem to work. The signature still shows up on the bottom. Is there any danger of broadcasting such info?

Also, I read on Apache's site that .htaccess files are not recommended in enforcing password security, but they didn't really explain why... but it seems to be the only way I have read (or been recommended to) set up passwords.

Where would be a safe location for .htaccess files?

 
ServerSignature will work if you make sure to restart httpd after you've made the configuration change.

.htaccess files in combination with SSL are just fine for protecting directories. Your .htaccess file needs to be at the base of the directory you want to protect, but the .htpasswd files you generate to keep a user/encrypted pw list should be situated in a safe location such as somewhere in /etc/httpd.
 
N11, I already tried restarting the server using httpd -k restart and it didn't work... so then I looked back in the config file and found way down at the bottom two ServerSignature switches set to On... I guess I didn't see them before because there was a huge area of whitespace in the file so I took that as the end of the file.

Anyways, I changed those and no more signature... I also got basic passwording up and running. I'll play with SSL in a bit too.

Thanks again for your help.
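
Added example (not part of the thread and not Apache's own tooling): the problem resolved in the last post, a later ServerSignature line overriding the one that was edited, can be caught by listing every active occurrence with its line number and enclosing section. The sample config is constructed, the function names are hypothetical, and files pulled in through Include are not followed.

```python
import re

# Constructed sample config: an early "Off", a long blank gap, then late overrides.
SAMPLE_CONF = (
    "ServerSignature Off\n"
    "# ServerSignature On\n"
    + "\n" * 40
    + "ServerSignature On\n"
    "<VirtualHost *:80>\n"
    "    ServerSignature EMail\n"
    "</VirtualHost>\n"
)

OPEN = re.compile(r"^<\s*([A-Za-z]+)\b")
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>")
DIRECTIVE = re.compile(r"^ServerSignature\s+(\S+)", re.IGNORECASE)


def find_server_signature(conf_text):
    """Return [(line_no, scope, value)] for every active ServerSignature line."""
    hits, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        if CLOSE.match(line):  # leave the innermost section
            del stack[-1:]
            continue
        m = OPEN.match(line)
        if m:  # enter a section such as <VirtualHost> or <Directory>
            stack.append(m.group(1))
            continue
        m = DIRECTIVE.match(line)
        if m:
            hits.append((line_no, "/".join(stack) or "global", m.group(1)))
    return hits


def effective_global(hits):
    """The last global-scope value overrides earlier ones; None if never set."""
    values = [value for _, scope, value in hits if scope == "global"]
    return values[-1] if values else None


if __name__ == "__main__":
    for line_no, scope, value in find_server_signature(SAMPLE_CONF):
        print(f"line {line_no}: [{scope}] ServerSignature {value}")
```

To check a real server, pass the contents of /etc/httpd/conf/httpd.conf to `find_server_signature` and restart httpd after changing any line it reports.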
 