[Solved] For security reasons, hide header "Server: LightTPD/"

Added by david.lynch almost 6 years ago

We are running LightTPD for Windows and the "server.tag" doesn't seem to be supported, as adding it results in an error while trying to start the service.

When testing the website at https://www.htbridge.com/websec/, we are getting:
The web server discloses its version. This may allow attackers to use known vulnerabilities and conduct further attacks against it.

How do I set the server to give another response or even a blank one?

Operating System: Windows 10 x64
LightTPD version: lighttpd-1.4.49-1-win64-ssl, from http://lighttpd.dtech.hu/
What client you used: various


Replies (3)

RE: For security reasons, hide header "Server: LightTPD/" - Added by gstrauss almost 6 years ago

https://download.lighttpd.net/lighttpd/ does not provide Windows binaries.

However, lighttpd does build under Cygwin on Windows and supports server.tag

If the compiled binary that you downloaded from who-knows-where does not support it, then whoever built it broke it. Complain to them or build lighttpd yourself using Cygwin.

RE: [Solved] For security reasons, hide header "Server: LightTPD/" - Added by gstrauss almost 6 years ago

> We are running LightTPD for Windows and the "server.tag" doesn't seem to be supported, as adding it results in an error while trying to start the service.

You are doing something wrong. See the lighttpd documentation and check your syntax.
server.tag = ""
should result in no Server: ... response header with any recent version of lighttpd, including lighttpd 1.4.49

RE: [Solved] For security reasons, hide header "Server: LightTPD/" - Added by david.lynch almost 6 years ago

Found that server.tag isn't accepted in lighttpd.conf, but works in server-tag.conf.
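
A way to confirm the result of the server.tag change discussed in this thread, as an added example that is not part of the original posts or of lighttpd: it classifies the Server response header as absent, present without a version, or version-disclosing. The sample response heads are constructed, and the function names and the `check_live` host argument are assumptions.

```python
import http.client
import re

# A product token followed by "/<version>", e.g. "lighttpd/1.4.49".
VERSIONED = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.+-]*")

# Constructed sample response heads (not captured from a real server).
SAMPLES = {
    "default": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: lighttpd/1.4.49\r\n\r\n",
    "tag_empty": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "tag_custom": b"HTTP/1.1 404 Not Found\r\nserver: web\r\nContent-Length: 0\r\n\r\n",
}

def server_values(raw_head):
    """Return every Server header value in a raw HTTP response head."""
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            values.append(value.strip())
    return values

def classify(values):
    """Map a list of Server header values to a finding."""
    if not values:
        return "absent"
    if any(VERSIONED.search(v) for v in values):
        return "version-disclosed"
    return "present-no-version"

def check_live(host, port=80, tls=False):
    """Send HEAD / to a server you operate and classify its Server header."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("HEAD", "/")
        return classify(conn.getresponse().headers.get_all("Server") or [])
    finally:
        conn.close()

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(server_values(raw)))
```

Run `check_live` against error responses as well as normal pages, since the header should be gone on every status code.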
