Introducing mod_serverheader

mod_serverheader project site

In my work, I have seen people performing security scans, going through audits, and stumbling upon information they wish they could hide about their webservers. One of the simplest questions that comes up over and over is regarding the Server header in Apache HTTPD responses; the thing the arrows are pointing to below:

    # curl -I http://localhost/
    HTTP/1.1 200 OK
    Date: Tue, 28 Feb 2017 20:56:24 EST
    Server: Apache/2.4.25 (Fedora) OpenSSL/1.0.2k-fips ◀◀◀◀◀◀◀◀
    Content-Type: text/html; charset=UTF-8

There are a couple of ways to reduce what is disclosed in the Server header. ...

March 19, 2017 · 2 min

ModSecurity 2.9.x in 5 minutes

There are just a few fundamental pieces to learn in order to get started with ModSecurity.

- Phases
- Actions and Rules
- Collections

Phases

There are 5 phases of request processing in ModSecurity. You can hook into any one of these phases using the phase keyword when writing ModSecurity Actions and Rules. The 5 phases occur in this order:

1. Request Headers Phase
2. Request Body Phase
3. Response Headers Phase
4. Response Body Phase
5. Logging Phase

As you pass through the phases, you can still access the information from the previous phases. So, if you are not sure where to begin, start with Logging Phase 5. ...

March 1, 2017 · 5 min