Web security server

karthikms · May 31, 2020, 4:50am

hello guyz
i went to /etc/httpd/conf/httpd.conf file and i have added these at the end
Server Tocken Prod
ServerSignature off
and i restarted httpd by command systemctl restart httpd.service

now how do i check the version is disabled for Q.no1 and what are the next steps for Qno2.
kindly help i am confused
@Tej-Singh-Rana
@swaroopcs88
@Salim

thanks

swaroopcs88 · May 31, 2020, 6:03am

could you try as per this url and see if it helps?

let me know if you still have any questions.

thanks
Swaroop

Tej-Singh-Rana · May 31, 2020, 6:23am

curl -I http://your-ip:port
and try in web browser as well.

karthikms · May 31, 2020, 4:26pm

Port is 8080 right and how to check this in web browser? I don’t understand.
@player001

karthikms · May 31, 2020, 4:28pm

Ya using the same thing I added server tocken prod and server signature off in the end and saved and restarted and when I check https -v I can still see the apache version.
@swaroopcs88

Tej-Singh-Rana · June 1, 2020, 1:42am

You can see a option right side of terminal. Where you can display the port and redirect to URL.

swaroopcs88 · July 6, 2020, 3:29am

@Tej-Singh-Rana

Hi Tej,
other than updating the this settings.

am I supposed to update any other things in httpd.conf file.
before updating the httpd.conf apache version and os details were seen in curl results.

after updating:

however, task was failed with this error message.

am I supposed to make any changes with respect to the section b of the question.
Because I didn’t make any changes with respect to that. Please check and advise.
Thanks
Swaroop

swaroopcs88 · July 6, 2020, 3:31am

@Inderpreet @kodekloud-support3
Please check and advise what was the mistake I did.
Thank you

Tej-Singh-Rana · July 6, 2020, 6:10am

You have to disable directory listing as well by adding following inputs.
From

<Directory /var/www/html/news >
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

To

<Directory /var/www/html/news >
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

swaroopcs88 · July 6, 2020, 8:46am

Thank you @Tej-Singh-Rana Tej

akshayyw · July 19, 2020, 10:31am

Hi @swaroopcs88 @Tej-Singh-Rana after doing the necessary steps when i went to verify using display port it shows me connecting to port 80 as the page is forbidden.
Is this what is expected as end result . Pls advice.

deb · August 2, 2020, 8:08am

Hi @Tej-Singh-Rana Tej,

To hide the directory listing, is it good to make the above changes in /etc/httpd/conf/httpd.conf

or create .htaccess in the specific directory and add option

Options -Indexes

Tej-Singh-Rana · August 2, 2020, 8:48am

Go with /etc/httpd/conf/httpd.conf, if in the question no hint for .htaccess.

yogendra · September 5, 2020, 6:29am

hi @akshayyw

i got the same page as you received during testing and my task is success for the same. What about you?

Regards,
Yogendra