Add in "ServerSignature Off" to the httpd.conf file to remove that footer message from error pages..
 
--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

 
On 1/30/06, kiran k <kiran_appsec@yahoo.com> wrote:
 
Thanks, I should have paid more attention on error string duh..
 
I was able to monitor server script, for deny I get forbidden page with (
Apache/2.0.55 (Unix) Server at 192.168.1.10 Port 80), I would like to avoid this, is there any thing else other than deny:redirect so that it just shows it blocked no more info about apache version.
 
 
Thanks,
 
 
 
 


Alon Agmon <aagmon@we-can.co.il> wrote:
Hi ,
Mod_proxy should be used as:
 
    ProxyPass / http://192.168.1.30 /
    ProxyPassReverse / http://192.168.1.30 /
 
Note the last slash.
 
 
 

From: mod-security-users-admin@lists.sourceforge.net [mailto: mod-security-users-admin@lists.sourceforge.net] On Behalf Of kiran k
Sent: Monday, January 30, 2006 7:02 AM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] as reverse proxy
 
 
Hi:
 
I set it up exactly as described in the article. Basic test went fine, ie when I access http: 192.168.1.10 (which is proxy), it went to 192.168.1.30.
 
When I try access server scripts (ie http://192.168.1.10/cgi-bin/modsec-test.pl) I get proxy error, like below. What is missing ? Why DNS lookup for ipaddr ?
 
 
 
The proxy server received an i nvalid response from an upstream server.
The proxy server could not handle the request GET /cgi-bin/modsec-test.pl.
Reason: DNS lookup failure for: 192.168.1.30cgi-bin
 
Configuration:
 
<VirtualHost 192.168.1.10>
   
    ServerName localhost
    ProxyRequests Off
    ProxyPass / http://192.168.1.30
    ProxyPassReverse / http://192.168.1.30
 
   
    SecFilterEngine DynamicOnly
    SecFilterCheckURLEncoding On
</VirtualHost>
 
 
 
 
 
 
 
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Do you Yahoo!?
With a free 1 GB, there's more in store with Yahoo! Mail.


Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars.