Webserver
Before we explain the different ways by which we can identify the running web server, the true identity can be hidden or obfuscation. So we can never be 100% percent sure of the results. Web server obfuscation is a good security practice and should be used as a defence in depth measure. There are two major ways to obfuscate web server identity
1) Web Server Obfuscation Through Proxy
In this senario, a reverse proxy server is used to forward
Most scanners can easily identify the type of the running web server. Usually sending an HTTP GET request is enough to reveal the identity if the web server. A sample GET request is displayed below.
//GET Request
GET /index.html HTTP/1.1
Host: www.somewebsite.com
//GET Response
HTTP/1.1 200 OK
Date: Mon, 14 Jan 2013 06:00:00 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Content-Type: text/html; charset=UTF-8
Content-Length: 200
Connection: close
//Content
GET /index.html HTTP/1.1
Host: www.somewebsite.com
//GET Response
HTTP/1.1 200 OK
Date: Mon, 14 Jan 2013 06:00:00 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Content-Type: text/html; charset=UTF-8
Content-Length: 200
Connection: close
//Content
0 评论:
发表评论