One of the things most security consultants recommend is to reveal as little information as possible about the software versions and types you use on the Internet. However, most administrators neglect to modify their web servers' banner (the HTTP server type and version returned when the server replies to an HTTP request). The following HOWTO explains how to configure the different web servers to return bogus versions.
NOTE: Modifying the programs below may void your warranty, patch availability, and may even cause the server to stop functioning.
Netscape Enterprise Server (3.6 SP3 - on Solaris 2.6):
1. Stop the web server.
2. Edit the file /usr/netscape/suitespot/bin/ns-httpd.so. Find and replace the string "Netscape-Enterprise" with "<whatever you want>"
3. Save the file and ftp it back to the Solaris box. Copy it back to its original location.
4. Start the web server.
Upon connecting and issuing a GET / HTTP/1.0, you should get the following response:
HTTP/1.1 200 OK
Server: <Whatever you typed in the hex editor>/3.6 SP3
Date: Fri, 25 Feb 2000 23:20:07 GMT
Apache:
There is an httpd.h file in the Apache source tree that allows you to modify the server type line in the HTTP header. Make sure you compile all Apache modules before making any modifications to the httpd.h file (i.e. PHP will not compile unless the string is set to the default).
Once all modules are compiled, you can modify the string prior to compiling Apache, or use Dennis Marti's patch for Apache that rotates 5-6 different server type lines with each request.
Microsoft IIS4 and IIS5:
1. Stop the World Wide Web Publishing service, and then edit
%systemroot%/system32/inetstrv/w3svc.dll
2. You can use notepad to edit it, or get a free hex editor.
3. Change both instances of 'Microsoft IIS/4.0' or 'Microsoft IIS/5.0'
inside the file. Both instances are located almost next to each other.
4. Restart the World Wide Web Publishing service.
Here is the output to a GET / HTTP/1.0:
GET / HTTP/1.0
HTTP/1.1 200 OK
Server: <whatever you changed it to>web server>
Date: Sat, 07 Apr 2001 02:13:48 GMT
Connection: Keep-Alive
Content-Length: 1270
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQQQGVFK=MJMLILDDLINNBHMPJIBEJCGL; path=/
Cache-control: private
