Friday, June 12, 2009

Oracle HTTP Server Version Information Not visable in Error pages

Default the users can see which Application Server is used to serve the pages, for security reasons this is not desirable.

These messages can be removed by setting Signature Off in the httpd.conf instead of Signature On.

Signature On:

Forbidden
You don't have permission to access /pls/orasso on this server.
  _____  

Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at sso.someserver.com Port 443



Signature Off:


Forbidden
You don't have permission to access /pls/orasso on this server.



Did this post help you in any way can you please leave a comment? This will motivate me writing more posts.
on Friday, June 12, 2009 Labels:

1 reactions:

Steve said...

Yes, this was a helpful post. Keep up the good work!

July 27, 2009 3:40 PM

Post a Comment

comment

Subscribe to: Post Comments (Atom)