Friday, June 12, 2009

Oracle HTTP Server Version Information Not Visible in Error Pages

By default, users can see which application server is serving the pages. For security reasons this is not desirable.

These messages can be removed by setting ServerSignature Off in httpd.conf instead of ServerSignature On.

ServerSignature On:

Forbidden
You don't have permission to access /pls/orasso on this server.
  _____  

Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at sso.someserver.com Port 443



ServerSignature Off:


Forbidden
You don't have permission to access /pls/orasso on this server.



But the signature is still sent in the HTTP response headers. This can be disabled by adding the following line to httpd.conf:

ServerTokens Prod
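
To confirm that both settings took effect, a response can be checked for the two leaks described above: a versioned Server header and the signature footer on the error page. This is an added example, not part of the original post; the function name, the two sample responses and the Server header value shown for ServerTokens Prod are constructed for illustration.

```python
import re

# Product token followed by "/<version>", e.g. "Oracle-Application-Server-10g/10.1.2.0.2"
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")
# Footer appended to generated error pages: "<banner> Server at <host> Port <n>"
SIGNATURE_FOOTER = re.compile(r"[^\n<>]*\bServer at \S+ Port \d+")

def find_banner_leaks(raw_response: str) -> list[str]:
    """Return findings for a raw HTTP response (headers, blank line, body)."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        # A Server header leaks only when it carries a product/version token.
        if name.strip().lower() == "server" and VERSION_TOKEN.search(value):
            findings.append("header: " + value.strip())
    # Any signature footer in the body means ServerSignature is still on.
    for match in SIGNATURE_FOOTER.finditer(body):
        findings.append("footer: " + match.group(0).strip())
    return findings

# Constructed sample: default settings (signature footer and full Server header).
LEAKY = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<H1>Forbidden</H1>\n"
    "You don't have permission to access /pls/orasso on this server.<P>\n"
    "<HR>\n<ADDRESS>Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server "
    "Server at sso.someserver.com Port 443</ADDRESS>\n"
)

# Constructed sample: ServerSignature Off and ServerTokens Prod.
# The product-only header value is an assumption, not taken from the post.
HARDENED = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: Oracle-Application-Server-10g\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<H1>Forbidden</H1>\n"
    "You don't have permission to access /pls/orasso on this server.<P>\n"
)

if __name__ == "__main__":
    for label, response in (("default", LEAKY), ("hardened", HARDENED)):
        print(label, find_banner_leaks(response) or "no version banner found")
```
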

Did this post help you in any way? If so, can you please leave a comment? This will motivate me to write more posts.

2 comments:

  1. Yes, this was a helpful post. Keep up the good work!

  2. Sharing this kind of information is a good practice. It helps in up-gradation of knowledge and skills not only for beginners but also for the experts.