[WEB SECURITY] Securing apache installation with PHP

Randal L. Schwartz merlyn at stonehenge.com
Thu May 19 16:57:04 EDT 2005


>>>>> "Peter" == Peter Motykowski <pmotykowski at suncorp.coop> writes:

>> ExtFilterDefine fixbanner mode=output ftype=30 \
>> cmd="/bin/sed s|Apache.*$|Netscape-Enterprise/4\.1|g"

Peter> Does spawning a shell command to alter the banner of each
Peter> outgoing HTTP packet introduce a significant load to the Apache
Peter> server?  I was doing something similar with the Apache's
Peter> reverse proxy but never carried that experiment into a
Peter> production environment.  In that instance I was substituting
Peter> certain text strings with 'replace' and was worried about the
Peter> scalability of such a solution.

It would seem to me that specifying an external filtering command
like that would be fatal in any site getting more than a few hits a second.

Your mileage may vary under that. :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list