Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-29, 13:09:33

Author Topic: Hiding unrelated infromation from headers  (Read 4535 times)

0 Members and 1 Guest are viewing this topic.

Offline BigWeb.EU

  • Valuable Member
  • *
  • Posts: 114
  • Karma: +0/-0
    • View Profile
Hiding unrelated infromation from headers
« on: 2016-12-17, 18:33:32 »
Hi Mustafa ,

Please make it possible to hide

X-Supported-By:Mr-Kloxo 7.0 (this exposes that servers Selinux is disabled)

plus :

php_expose off
ServerSignature Off
ServerTokens Prod

For bigger, more serious clients , who do audits for security sites - these options are always a problem, and they report it should be hidden/removed/adjusted. It would be great if this could be controlled Client wise / Server wise

Please see an example of Audit , and im sure more professional companies would recieve similar enquiries. So this would be really a good feature (I know i can change all manually, but with each update/cleanup there will be a chance they will come back :( )

Thanks

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Hiding unrelated infromation from headers
« Reply #1 on: 2016-12-18, 02:16:43 »
DO you know other CP where implementing selinux?.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline BigWeb.EU

  • Valuable Member
  • *
  • Posts: 114
  • Karma: +0/-0
    • View Profile
Re: Hiding unrelated infromation from headers
« Reply #2 on: 2016-12-18, 12:41:32 »
Hi, the problem is NOT enabling Selinux,

the porblem is TO HIDE INFROMATION IN HEADERS , so that hackers would never know which version(Apache/PHP) is running exactly, and wich CP is installed.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Hiding unrelated infromation from headers
« Reply #3 on: 2016-12-18, 13:39:05 »
Hi, the problem is NOT enabling Selinux,

the porblem is TO HIDE INFROMATION IN HEADERS , so that hackers would never know which version(Apache/PHP) is running exactly, and wich CP is installed.
Hacker doesn't care for header. Most of them attack website code.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline BigWeb.EU

  • Valuable Member
  • *
  • Posts: 114
  • Karma: +0/-0
    • View Profile
Re: Hiding unrelated infromation from headers
« Reply #4 on: 2016-12-18, 13:53:51 »
1. Hacker do have big botnets scrapping the sites for required software (like they can make a list of all sites with Kloxo using header, and if onde day 0day vulnerability will popup - they might attack).

2. Serious comanies do not tolerate such answer (that hackers does not care) - they have rules to follow, so this is why i asked about it - because i have several companies and i need to manually remove headers :) (espacially after each update /cleanup )


Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 4,050
  • Karma: +1/-0
    • View Profile
Re: Hiding unrelated infromation from headers
« Reply #5 on: 2016-12-18, 17:52:04 »
+1 one from me - it's a must have !

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Hiding unrelated infromation from headers
« Reply #6 on: 2016-12-18, 20:39:00 »
No plan to remove/hide headers. You must use 'customize rule' to customize header.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

 


Top 4 Global Search Engines:    Google    Bing    Baidu    Yahoo
Click Here

Page created in 0.067 seconds with 21 queries.

web stats analysis