BugWish:missing option "DoNotUnveilIdentity&quo
Brought to you by:
jnelson
Menu
▾
▴
#15 BugWish:missing option "DoNotUnveilIdentity&quo
Hi all !
Boa is very very good, but as it has security in mind, I
think that a good thing would be to add some kind of
"do-not-tell-which-webserver-you-are" option to the
boa.conf.
I am really needing that option as I've been attacked
some times already, those attacks were based on
previous Boa vulnerabilities.
I think this could be interesting to make hackers lost
their time when trying to gain root access to my
computer... :)
Thank you all !
Michel Nolard
Free Software Developer at OutMaX!.org
Logged In: YES
user_id=8446
Sounds reasonable. You can probably expect this in 0.94.14rc19
Logged In: NO
As a matter of fact I wrote a patch to do something like
this-- actually, to be able to set what is returned as the
Server header to anything with a directive, a year or so
ago. I did think I had tried to post it to Sourceforge. Was
it ever recieved?
Logged In: YES
user_id=8446
0.94.14rc19 (the current development / release candidate
effort) available at http://www.boa.org/ already implements
something very similar - ConcealServerIdentity.
I don't recall if I used your patch or not, but not very
many ways to do it. ;-)