Re: [mod-security-users] SecServerSignature VirtualHost
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-01-05 16:57:09
If you have your proxy rules inside different VirtualHost containers then you will need to use the Apache "Header" directive to alter the outbound "Server:" response token as ModSecurity will currently only allow the SecServerSignature directive in the main server config scope.

Normally, you can not override the Server response header token with the Header directive as both the Date/Server tokens are added by Apache at a later processing hook. In proxy mode, however, the Header directive has full access to all of the Response headers and can thus set/unset/append, etc... any header they wish.

Here is an example of how to use the Header directive within a VirtualHost container -

    <VirtualHost *:80>
        ServerAdmin web...@du...
        DocumentRoot /www/docs/dummy-host.example.com
        ServerName dummy-host.example.com
        ServerAlias www.dummy-host.example.com
        ErrorLog logs/dummy-host.example.com-error_log
        CustomLog logs/dummy-host.example.com-access_log common
        ProxyPass / http://www.google.com
        ProxyPassReverse / http://www.google.com
        Header set Server "Test/1.0"
    </VirtualHost>

As you can see, I am just using ProxyPass/ProxyPassReverse to proxy all inbound requests from my server onto www.google.com (this example is just for example purposes). Normally, when a client requests something, the normal response headers would be returned -

    # telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Tue, 26 Dec 2006 22:41:13 GMT
    Server: GWS/2.1
    Cache-Control: private
    Content-Type: text/html
    Set-Cookie: PREF=ID=8c4a81a6bfa11670:TM=1168015686:LM=1168015686:S=irP8gU7H83OSYUXb; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
    Connection: close

As you can see, it returned the standard Server token from Google (GWS/2.1). After the example header config update, however, this is how it looks -

    # telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Tue, 26 Dec 2006 22:43:37 GMT
    Server: Test/1.0
    Cache-Control: private
    Content-Type: text/html
    Set-Cookie: PREF=ID=cdd7491053d6486b:TM=1168015801:LM=1168015801:S=wHUNGDpOwcCrj5FX; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
    Connection: close

The Server token has now been changed to "Test/1.0".

I hope this helps.

--
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

> -----Original Message-----
> From: mod...@li... [mailto:mod-sec...@li...] On Behalf Of Edy
> Sent: Friday, January 05, 2007 10:19 AM
> To: mod...@li...
> Subject: [mod-security-users] SecServerSignature VirtualHost
>
> Hi,
>
> Any chance to have it configurable per Virtual Host?
>
> Since I am running ModSec in a Reverse proxy mode, having this directive
> in the main conf does not mask the Server HTTP Header.
> Please consider.
>
> Thank you
> Edy
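An added example, not part of the original e-mail or of ModSecurity: a small Python check for the situation the reply describes, listing VirtualHost containers that use ProxyPass but carry no "Header set Server" of their own. The sample config, the host name unmasked.example.com and the function names are constructed for illustration, and only the "set" action is counted as overriding the token.

```python
import re

# Constructed sample config: the first vhost follows the e-mail's example,
# the second (hypothetical host name) proxies without overriding Server.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName dummy-host.example.com
    ProxyPass / http://www.google.com
    Header set Server "Test/1.0"
</VirtualHost>
<VirtualHost *:80>
    ServerName unmasked.example.com
    # Header set Server "Test/1.0"
    ProxyPass / http://www.google.com
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\b[^>]*>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
# "Header [onsuccess|always] set Server <value>"; only "set" is counted (assumption).
HEADER_SET_SERVER = re.compile(r"Header\s+(?:(?:onsuccess|always)\s+)?set\s+Server\s+\S", re.I)

def audit_vhosts(conf_text):
    """Return [(server_name, proxies, sets_server_header)] per VirtualHost block."""
    results, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        if VHOST_OPEN.match(line):
            current = {"name": "(no ServerName)", "proxy": False, "masked": False}
        elif VHOST_CLOSE.match(line) and current is not None:
            results.append((current["name"], current["proxy"], current["masked"]))
            current = None
        elif current is not None:
            directive = line.split(None, 1)
            key = directive[0].lower()
            if key == "servername" and len(directive) > 1:
                current["name"] = directive[1]
            elif key == "proxypass":
                current["proxy"] = True
            elif HEADER_SET_SERVER.match(line):
                current["masked"] = True
    return results

def unmasked_proxies(conf_text):
    """Names of proxying vhosts that do not set their own Server header."""
    return [n for n, proxy, masked in audit_vhosts(conf_text) if proxy and not masked]
```

Calling unmasked_proxies() on the text of a vhost config file returns the ServerName of each proxying container that would still pass the backend's Server token through.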