Dear Experts,
1. I have installed apache 2.2.22 version for web interface in AIX 7.1 server
2. i am using the apache for req routing using re write rule (mod writers)
3. in the year of 2008 my collegue compiled the apache with openssl version OpenSSL/0.9.8k
4. This version is having security threads and hence the info sec team advised to update he openssl to new version.
5. But Now my apache architecture is not using openssl so i have removed the openssl from the server and recomplied the apache with latest verson 2.2.22.
still when a http req hit the server it is showing the banner "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8k"
-------------------------------------------------
hulstms> telnet inpartnerdev.u.com 80
Trying...
Connected to inpartnerdev.u.com.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Thu, 17 Jan 2013 11:58:02 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8k
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Connection closed.
Desired Output :-
hulstms> telnet inpartnerdev.u.com 80
Trying...
Connected to inpartnerdev.u.com.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Thu, 17 Jan 2013 11:58:02 GMT
Server: Apache/2.2.22 (Unix)
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Connection closed.
only because of this the security team is commenting red in audit.
do u know the location of this banner file where i can manually edit that.
Regards
Bala
