As part of improving the security of an eCommerce site, it is always a good idea to turn off server fingerprinting.
How to reproduce this: Request any static asset on the site with the file name changed to one that does not exist, and you will see a 404 or even a 403 error. The error page prints information about the web server, such as the line below, which could potentially be exploited.
IBM_HTTP_Server/X.X.X.X-PMX4623 Apache/2.1.97 (Unix) Server at host.com Port 80
To protect the site, change these values in httpd.conf to make the environment more secure. Make the change and restart the web server for it to take effect.
Test Environment:
ServerTokens Full
Production Environment:
ServerTokens Prod
Test Environment:
ServerSignature On
Production Environment:
ServerSignature Off
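A check for the settings above, as an added example that is not from the original post: it scans an httpd.conf body and reports any ServerTokens or ServerSignature value other than the production ones, and any directive that is not set at all. The function name and both sample configs are constructed for illustration.

```python
import re

# Values that keep version details out of the Server header and error-page footer.
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.IGNORECASE)


def audit_httpd_conf(text):
    """Return a list of (line_no, message) findings for an httpd.conf body."""
    findings = []
    seen = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # lines commented out with '#' do not match
        if not match:
            continue
        name, value = match.group(1).lower(), match.group(2).lower()
        seen.add(name)
        if value not in SAFE[name]:
            findings.append(
                (line_no, f"{match.group(1)} {match.group(2)} discloses server details")
            )
    for name in sorted(set(SAFE) - seen):
        # Not set explicitly: the build's default applies, so pin the value.
        findings.append((0, f"{name} is not set explicitly"))
    return findings


# Constructed sample: test-environment values promoted unchanged.
SAMPLE_TEST_CONF = """\
# ServerTokens Prod
ServerTokens Full
<VirtualHost *:80>
    ServerSignature On
</VirtualHost>
"""

# Constructed sample: the production values from this page.
SAMPLE_PROD_CONF = """\
ServerTokens Prod
ServerSignature Off
"""

if __name__ == "__main__":
    for label, conf in (("test", SAMPLE_TEST_CONF), ("prod", SAMPLE_PROD_CONF)):
        print(label, audit_httpd_conf(conf) or "no findings")
```

Run it against every included config file as well, since ServerSignature can also be set inside a virtual host.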
Hi Raj Sanghvi,
The information you are putting here is very useful. Simple and good examples which are easy to understand. Could you please also upload some information related to Contracts? Their purpose and benefits, creating them, etc.?
Thanks
I am really glad to know, the blog is serving its purpose. I will soon write something on Contracts.
Hi,
Very good and nice spelling in the article that may reach every one reading. Better if with the levels may be a statistical images. All the way very good.
Regards,
STC Technologies
Nice Info - Sanjiv