[WEB SECURITY] Securing apache installation with PHP
Ryan Barnett
rcbarnett at gmail.com
Thu May 19 15:55:11 EDT 2005
Valid point. The feasibility of utilizing this technique in
production will vary. Of course there is overhead, how much depends
on tons of factors such as: load of visitor traffic, your CPU speed,
RAM, etc...

A more elegant approach would probably be to implement mod_perl and
have it alter this data on the fly. At least with that mechanism,
mod_perl already has the perl interpreter fired up and ready to go.

OK, all you Perl Gurus on the list - the challenge that I pose to you
all is to come up with some code to not only alter the Server Banner
info but to also make it dynamic (meaning that it randomly changes).
I would do this but my Perl-Fu needs some work and I just don't have the
time.

Any takers?
--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GCUX, GSEC
On 5/19/05, Peter Motykowski <pmotykowski at suncorp.coop> wrote:
> > -----Original Message-----
> > From: Ryan Barnett
> > Sent: Thursday, May 19, 2005 9:15 AM
> > To: Peter Motykowski
> > Cc: websecurity at webappsec.org
> > Subject: Re: [WEB SECURITY] Securing apache installation with PHP
>
> > ExtFilterDefine fixbanner mode=output ftype=30 \
> > cmd="/bin/sed s|Apache.*$|Netscape-Enterprise/4\.1|g"
>
> Does spawning a shell command to alter the banner of each outgoing HTTP packet introduce a significant load to the Apache server? I was doing something similar with Apache's reverse proxy but never carried that experiment into a production environment. In that instance I was substituting certain text strings with 'replace' and was worried about the scalability of such a solution.
>
> Peter
>
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
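
Added example (not part of the original thread, and not code from either poster): the sed substitution quoted above is run over a constructed response next to a variant that rewrites only the Server header. It assumes the filter receives the header block and the body as one stream; the sample response, the function names and the awk variant are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample response (not captured traffic): CRLF header lines,
# a blank line, then a body that happens to mention "Apache".
sample_response() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Server: Apache/2.0.54 (Unix)\r\n'
    printf 'Content-Type: text/html\r\n'
    printf '\r\n'
    printf '<p>Powered by Apache Tomcat docs</p>\n'
}

# The substitution from the thread. It is not tied to the Server header,
# so it fires on any line containing "Apache", and ".*$" also swallows
# the trailing CR of the header line it rewrites.
mask_unanchored() {
    sed 's|Apache.*$|Netscape-Enterprise/4\.1|g'
}

# Hypothetical tighter variant: rewrite only a "Server:" line, only before
# the blank line that ends the header block, and keep the CR if present.
mask_anchored() {
    awk '
        BEGIN { in_headers = 1 }
        in_headers && ($0 == "\r" || $0 == "") { in_headers = 0; print; next }
        in_headers && tolower($0) ~ /^server:/ {
            cr = ($0 ~ /\r$/) ? "\r" : ""
            print "Server: Netscape-Enterprise/4.1" cr
            next
        }
        { print }
    '
}

# Helpers used to compare the two outputs.
count_banner() { grep -c 'Netscape-Enterprise' ; }   # lines carrying the fake banner
count_cr()     { tr -cd '\r' | wc -c ; }             # CR bytes left in the stream

echo '--- pattern from the thread ---'
sample_response | mask_unanchored
echo '--- Server header only ---'
sample_response | mask_anchored
```

Both variants still start one external process per response, so the second one narrows what gets rewritten but does nothing for the overhead discussed in the thread.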