Modsecurity oddity

Question

my mod security is loading fine but when I set the server token like so

SecServerSignature "Infodous Webserver" it returns
"Infodous Webserver mod_fcgid/2.3.6 PHP/5.4.39-0+deb7u1 proxy_html/3.0.1 Server at REDACTED Port 443"

Is it possible to make it say "Infodous Webserver" or "Infodous Webserver Server at REDACTED Port 443"

score 0 · Answer 1 · answered Mar 24 '15 at 23:55

0

It is but this is not related to mod_security; rather Apache

Check ServerTokens directive and set it to Prod

answered Mar 24 '15 at 23:55

Hrvoje Špoljar

5,162
25
42

I tried that and all it did was say Apache – tony player Mar 24 '15 at 23:58
At the same time you had SecServerSignature set ? – Hrvoje Špoljar Mar 25 '15 at 00:00
yes I had had ServerTokens set to Prod and SecServerSignature set – tony player Mar 25 '15 at 00:04

score 0 · Answer 2 · answered Mar 27 '15 at 21:27

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecServerSignature:

In order for this directive to work, you must set the Apache ServerTokens directive to Full. ModSecurity will overwrite the server signature data held in this memory space with the data set in this directive. If ServerTokens is not set to Full, then the memory space is most likely not large enough to hold the new data we are looking to insert.

Modsecurity oddity

2 Answers2