Hiding Apache (HTTP) and PHP version information
Checking the Apache and PHP versions in the HTTP response headers
curl -I http://localhost
$ curl -I localhost
HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 01:57:45 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1k PHP/7.3.25
Location: http://www.sangchul.kr/404.html
Content-Type: text/html; charset=iso-8859-1
wget --server-response --spider http://localhost
- -S, --server-response : print the headers sent by HTTP servers and the responses sent by FTP servers.
- --spider : when invoked with this option, Wget behaves as a web spider, which means that it will not download the pages, just check that they are there.
For example, you can use Wget to check your bookmarks:
wget --spider --force-html -i bookmarks.html
This feature needs much more work for Wget to get close to the functionality of real web spiders.
$ wget --server-response --spider http://localhost
Spider mode enabled. Check if remote file exists.
--2022-01-28 10:58:40-- http://localhost/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 01:58:40 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1k PHP/7.3.25
Location: http://www.sangchul.kr/404.html
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Location: http://www.sangchul.kr/404.html [following]
Spider mode enabled. Check if remote file exists.
--2022-01-28 10:58:40-- http://www.sangchul.kr/404.html
Resolving www.sangchul.kr (www.sangchul.kr)... 27.0.236.139
Connecting to www.sangchul.kr (www.sangchul.kr)|27.0.236.139|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Date: Fri, 28 Jan 2022 01:58:36 GMT
Server: Apache
Location: https://www.sangchul.kr/404.html
Keep-Alive: timeout=10, max=2048
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Location: https://www.sangchul.kr/404.html [following]
Spider mode enabled. Check if remote file exists.
--2022-01-28 10:58:40-- https://www.sangchul.kr/404.html
Connecting to www.sangchul.kr (www.sangchul.kr)|27.0.236.139|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Fri, 28 Jan 2022 01:58:36 GMT
Server: Apache
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Keep-Alive: timeout=10, max=2048
Connection: Keep-Alive
Content-Type: text/html; charset=EUC-KR
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
Editing the Apache configuration (httpd-default.conf or httpd.conf)
vim /usr/local/apache2/conf/extra/httpd-default.conf
- ServerTokens : change the default (Full) to Prod, i.e. ServerTokens Prod. Full sends the OS type and the version of every module that registers itself, which is where the OpenSSL/1.1.1k and PHP/7.3.25 tokens in the header above come from; Prod sends only "Apache". This is the least Apache itself will disclose: the Server header is still sent, just without version numbers.
- ServerSignature On => change to Off, i.e. ServerSignature Off. This removes the "Apache/2.4.46 (Unix) Server at host Port 80" footer from server-generated error pages, directory listings and mod_status/mod_info output.
Note that httpd-default.conf is only read if httpd.conf contains an uncommented "Include conf/extra/httpd-default.conf"; if it does not, put the two directives directly in httpd.conf. Reload Apache afterwards (for example apachectl graceful) for the change to take effect.
$ vim /usr/local/apache2/conf/extra/httpd-default.conf
...
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
...
Editing the PHP configuration (php.ini)
Finding the php.ini file
php --ini
$ /usr/local/php/bin/php --ini
Configuration File (php.ini) Path: /usr/local/apache2/conf
Loaded Configuration File: /usr/local/apache2/conf/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)
php -i | egrep "Configuration File"
$ /usr/local/php/bin/php -i | egrep "Configuration File"
Configuration File (php.ini) Path => /usr/local/apache2/conf
Loaded Configuration File => /usr/local/apache2/conf/php.ini
Editing php.ini: set expose_php = Off in the Miscellaneous section. The php.ini comment below calls the disclosure "no security threat in any way"; in practice the exact PHP version (sent in the Server header and, on PHP-generated responses, in an X-Powered-By: PHP/x.y.z header) lets a scanner match the host against known-vulnerable releases, so turn it off. Because mod_php reads php.ini when Apache starts, restart Apache after editing.
vim /usr/local/apache2/conf/php.ini
$ vim /usr/local/apache2/conf/php.ini
...
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
...
Checking the Apache and PHP versions again after restarting Apache. Only "Server: Apache" should remain. The 302 below is a redirect produced by Apache itself, not by a PHP script, so it never carried an X-Powered-By header; to confirm expose_php = Off, also request a page that PHP actually renders and check that no X-Powered-By header is returned.
curl -I http://localhost
$ curl -I http://localhost
HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 02:02:19 GMT
Server: Apache
Location: http://www.sangchul.kr/404.html
Content-Type: text/html; charset=iso-8859-1
wget --server-response --spider http://localhost
$ wget --server-response --spider http://localhost
Spider mode enabled. Check if remote file exists.
--2022-01-28 11:02:25-- http://localhost/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 02:02:25 GMT
Server: Apache
Location: http://www.sangchul.kr/404.html
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Location: http://www.sangchul.kr/404.html [following]
Spider mode enabled. Check if remote file exists.
--2022-01-28 11:02:25-- http://www.sangchul.kr/404.html
Resolving www.sangchul.kr (www.sangchul.kr)... 27.0.236.139
Connecting to www.sangchul.kr (www.sangchul.kr)|27.0.236.139|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Date: Fri, 28 Jan 2022 02:02:17 GMT
Server: Apache
Location: https://www.sangchul.kr/404.html
Keep-Alive: timeout=10, max=2048
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Location: https://www.sangchul.kr/404.html [following]
Spider mode enabled. Check if remote file exists.
--2022-01-28 11:02:25-- https://www.sangchul.kr/404.html
Connecting to www.sangchul.kr (www.sangchul.kr)|27.0.236.139|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Fri, 28 Jan 2022 02:02:17 GMT
Server: Apache
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Keep-Alive: timeout=10, max=2048
Connection: Keep-Alive
Content-Type: text/html; charset=EUC-KR
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
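As an added example (not part of the original post), the following POSIX shell script turns the manual check above into something you can run from a cron job or CI pipeline. It inspects a block of captured response headers for version tokens in the Server header and for an X-Powered-By header, and an error-page body for the ServerSignature footer. The host names in the usage comment are hypothetical and the SAMPLE_* strings are constructed, modeled on the before/after outputs on this page.

```shell
#!/bin/sh
# Added example, not from the original post: verify that ServerTokens Prod,
# ServerSignature Off and expose_php = Off actually took effect.
# Live usage (hypothetical host):
#   check_headers "$(curl -sI http://localhost)"
#   check_body    "$(curl -s  http://localhost/does-not-exist)"

# check_headers HEADERS
# Prints one line per finding. Returns 0 if no version leaks, 1 otherwise.
check_headers() {
    # curl/wget print headers with CRLF line endings; strip the CR first
    hdrs=$(printf '%s\n' "$1" | tr -d '\r')
    rc=0

    server=$(printf '%s\n' "$hdrs" | grep -i '^Server:' | head -n 1)
    # A "/" followed by a digit is a version token (Apache/2.4.46, PHP/7.3.25 ...)
    if printf '%s\n' "$server" | grep -Eq '/[0-9]'; then
        echo "LEAK  $server   (set ServerTokens Prod)"
        rc=1
    elif [ -n "$server" ]; then
        echo "OK    $server"
    fi

    # mod_php adds X-Powered-By: PHP/x.y.z to PHP-generated responses
    # unless expose_php = Off
    xpb=$(printf '%s\n' "$hdrs" | grep -i '^X-Powered-By:' | head -n 1)
    if [ -n "$xpb" ]; then
        echo "LEAK  $xpb   (set expose_php = Off)"
        rc=1
    fi
    return $rc
}

# check_body BODY
# With ServerSignature On, Apache appends
# "<address>Apache/2.4.46 (Unix) Server at host Port 80</address>" to
# server-generated error pages. Returns 0 if absent, 1 if present.
check_body() {
    if printf '%s\n' "$1" | grep -Eiq '<address>.* Server at '; then
        echo "LEAK  ServerSignature footer present in error page   (set ServerSignature Off)"
        return 1
    fi
    echo "OK    no server signature in error page"
    return 0
}

# --- constructed samples, modeled on the outputs above ----------------------
SAMPLE_HEADERS_BEFORE='HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 01:57:45 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1k PHP/7.3.25
X-Powered-By: PHP/7.3.25
Location: http://www.sangchul.kr/404.html
Content-Type: text/html; charset=iso-8859-1'

SAMPLE_HEADERS_AFTER='HTTP/1.1 302 Found
Date: Fri, 28 Jan 2022 02:02:19 GMT
Server: Apache
Location: http://www.sangchul.kr/404.html
Content-Type: text/html; charset=iso-8859-1'

SAMPLE_BODY_BEFORE='<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.46 (Unix) OpenSSL/1.1.1k PHP/7.3.25 Server at localhost Port 80</address>'

SAMPLE_BODY_AFTER='<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>'

# Demo run over the constructed samples
for s in "$SAMPLE_HEADERS_BEFORE" "$SAMPLE_HEADERS_AFTER"; do
    echo '--- headers ---'
    check_headers "$s" || echo 'result: version disclosed'
done
for b in "$SAMPLE_BODY_BEFORE" "$SAMPLE_BODY_AFTER"; do
    echo '--- body ---'
    check_body "$b" || echo 'result: signature disclosed'
done
```

The header check deliberately flags any "/digit" in the Server value, so ServerTokens Minor or Major (Apache/2.4, Apache/2) are reported as leaks too; only Prod passes. The body check covers the part of the hardening the header test cannot see, since ServerSignature only affects server-generated pages.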