MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: BigWeb.EU on 2016-12-17, 18:33:32

Title: Hiding unrelated information from headers
Post by: BigWeb.EU on 2016-12-17, 18:33:32
Hi Mustafa,

Please make it possible to hide

X-Supported-By:Mr-Kloxo 7.0 (this exposes that the server's SELinux is disabled)

plus:

php_expose off
ServerSignature Off
ServerTokens Prod

For bigger, more serious clients, who do security audits of their sites, these options are always a problem, and they report that it should be hidden/removed/adjusted. It would be great if this could be controlled client-wise / server-wise.

Please see an example of an audit, and I'm sure more professional companies would receive similar enquiries. So this would really be a good feature (I know I can change it all manually, but with each update/cleanup there will be a chance they will come back :( )

Thanks
Title: Re: Hiding unrelated information from headers
Post by: MRatWork on 2016-12-18, 02:16:43
Do you know of another CP that implements SELinux?
Title: Re: Hiding unrelated information from headers
Post by: BigWeb.EU on 2016-12-18, 12:41:32
Hi, the problem is NOT enabling SELinux,

the problem is TO HIDE INFORMATION IN HEADERS, so that hackers would never know which version (Apache/PHP) is running exactly, and which CP is installed.
Title: Re: Hiding unrelated information from headers
Post by: MRatWork on 2016-12-18, 13:39:05
Hi, the problem is NOT enabling SELinux,

the problem is TO HIDE INFORMATION IN HEADERS, so that hackers would never know which version (Apache/PHP) is running exactly, and which CP is installed.
Hackers don't care about headers. Most of them attack website code.
Title: Re: Hiding unrelated information from headers
Post by: BigWeb.EU on 2016-12-18, 13:53:51
1. Hackers do have big botnets scraping sites for the required software (e.g. they can make a list of all sites with Kloxo using the header, and if one day a 0-day vulnerability pops up, they might attack).

2. Serious companies do not tolerate such an answer (that hackers do not care) - they have rules to follow, so this is why I asked about it - because I have several companies and I need to manually remove headers :) (especially after each update/cleanup)

Title: Re: Hiding unrelated information from headers
Post by: Spacedust on 2016-12-18, 17:52:04
+1 from me - it's a must-have!
Title: Re: Hiding unrelated information from headers
Post by: MRatWork on 2016-12-18, 20:39:00
No plan to remove/hide headers. You must use 'customize rule' to customize header.
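
Added example (not part of the thread and not Kloxo-MR code): a check that can be run after each update/cleanup to detect whether the headers discussed above have come back. The sample responses and version numbers are constructed, and `X-Powered-By` is assumed here as the header PHP emits when its exposure setting is on.

```python
import re

# Headers that identify the control panel or language runtime outright.
IDENTIFYING = ("x-supported-by", "x-powered-by")
# A product token followed by a version, e.g. "Apache/2.4.6" or "PHP/5.6.29".
VERSIONED = re.compile(r"[A-Za-z_\-]+/\d[\w.\-]*")


def parse_head(raw):
    """Parse a raw HTTP response head into a list of (name, value) pairs."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:                 # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        if line[0] in " \t" and headers:   # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw):
    """Return sorted findings for headers that disclose software details."""
    findings = []
    for name, value in parse_head(raw):
        if name in IDENTIFYING:
            findings.append(f"{name}: present ({value})")
        elif name == "server" and VERSIONED.search(value):
            findings.append(f"server: version disclosed ({value})")
    return sorted(findings)


# Constructed sample responses (not captured from a real server).
BEFORE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS) PHP/5.6.29\r\n"
          "X-Powered-By: PHP/5.6.29\r\nX-Supported-By:Mr-Kloxo 7.0\r\n"
          "Content-Type: text/html\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
         "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "clean")
```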