[checkmk-commits] 7083 SEC Apache sends out minimal information about the running software and platform to HTTP clients

Module: check_mk Branch: master Commit: 844e2472a0307fb5215ac8a549b2c2556fff7359 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=844e2472a0307f… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Tue Feb 12 18:27:42 2019 +0100 7083 SEC Apache sends out minimal information about the running software and platform to HTTP clients The site apache reports information about the running software and platform to the HTTP clients with each HTTP response using the "Server" HTTP header. It is common practice to minmize this information using the apache configuration option "ServerTokens Prod" which we do now for the site apache by default. We don't modify this setting for the system wide apache. You'll have to configure the system apache on your own in case you want to configure it to work in the same way. Change-Id: Ia70eb2a59ceeb4f2578e551a217abfecae8e9214 --- .werks/7083 | 17 +++++++++++++++++ .../apache-omd/skel/etc/apache/conf.d/security.conf | 3 +++ 2 files changed, 20 insertions(+) diff --git a/.werks/7083 b/.werks/7083 new file mode 100644 index 0000000..89da113 --- /dev/null +++ b/.werks/7083 @@ -0,0 +1,17 @@ +Title: Apache sends out minimal information about the running software and platform to HTTP clients +Level: 1 +Component: omd +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1549992283 +Class: security + +The site apache reports information about the running software and platform to +the HTTP clients with each HTTP response using the "Server" HTTP header. It is +common practice to minmize this information using the apache configuration +option "ServerTokens Prod" which we do now for the site apache by default. + +We don't modify this setting for the system wide apache. You'll have to +configure the system apache on your own in case you want to configure it to +work in the same way. diff --git a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf index 8f1d5c1..54635fd 100644 --- a/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf +++ b/omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf @@ -40,3 +40,6 @@ Header always unset Content-Security-Policy </FilesMatch> </IfModule> + +# Provide minimal information about the running software version and platform to clients +ServerTokens Prod