Re: [mod-security-users] SecServerSignature VirtualHost
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecServerSignature VirtualHost
|
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-01-05 16:57:09
|
If you have your proxy rules inside different VirtualHost containers
then you will need to use the Apache "Header" directive to alter the
outbound "Server:" response token as ModSecurity will currently only
allow the SecServerSignature directive in the main server config scope.
Normally, you can not override the Server response header token with the
Header directive as both the Date/Server tokens are added by Apache at a
later processing hook. In proxy mode, however, the Header directive has
full access to all of the Response headers and can thus
set/unset/append, etc... any header they wish.
Here is an example of how to use the Header directive within a
VirtualHost container -
<VirtualHost *:80>
ServerAdmin web...@du...
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
ProxyPass / http://www.google.com
ProxyPassReverse / http://www.google.com
Header set Server "Test/1.0"
</VirtualHost>
As you can see, I am just using ProxyPass/ProxyPassReverse to proxy all
inbound requests from my server onto www.google.com (this example is
just for example purposes). Normally, when a client requests something,
the normal response headers would be returned -
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2006 22:41:13 GMT
Server: GWS/2.1
Cache-Control: private
Content-Type: text/html
Set-Cookie:
PREF=3DID=3D8c4a81a6bfa11670:TM=3D1168015686:LM=3D1168015686:S=3DirP8gU7H=
83OSYUXb;
expires=3DSun, 17-Jan-2038 19:14:07 GMT; path=3D/; domain=3D.google.com
Connection: close
As you can see, it returned the standard Server token from Google
(GWS/2.1). After the example header config update, however, this is how
it looks -
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2006 22:43:37 GMT
Server: Test/1.0
Cache-Control: private
Content-Type: text/html
Set-Cookie:
PREF=3DID=3Dcdd7491053d6486b:TM=3D1168015801:LM=3D1168015801:S=3DwHUNGDpO=
wcCrj5FX;
expires=3DSun, 17-Jan-2038 19:14:07 GMT; path=3D/; domain=3D.google.com
Connection: close
The Server token has now been changed to "Test/1.0".
I hope this helps.
--=20
Ryan C. Barnett
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
=20
> -----Original Message-----
> From: mod...@li... [mailto:mod-
> sec...@li...] On Behalf Of Edy
> Sent: Friday, January 05, 2007 10:19 AM
> To: mod...@li...
> Subject: [mod-security-users] SecServerSignature VirtualHost
>=20
> Hi,
>=20
> Any chance to have it configurable per Virtual Host?
>=20
> Since i am running ModSec is a Reverse proxy mode, having this
directive
> in the main conf does not mask the Server HTTP Header.
> Please consider.
>=20
> Thank you
> Edy
>=20
>
------------------------------------------------------------------------
-
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to
share
> your
> opinions on IT & business topics through brief surveys - and earn cash
>
http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3D=
DEVDE
V
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
|