Try OpenEdge Now
skip to main content
WebSpeed Essentials
Running and Deploying WebSpeed Applications : WebSpeed security : Securing your Web server : Hiding your Web server type and version
Hiding your Web server type and version
It is good practice to hide the brand and version of your Web server process to make it harder for "script-kiddies" to find out which Web server you are using.
To see how your Web server responds, use a Telnet session to access the port that the Web server is listening to. The default port is 80. The following procedure shows the commands to type. Replace the hostname with your Web server's name. You might find that when you type GET / HTTP/1.0 it might not be echoed back to you:
To check your Web server response:
1. Type telnet hostname 80 and press ENTER.
2. Type GET / HTTP/1.0 and press ENTER twice.
Note: Be sure to type a space preceding and following the first / in the GET / HTTP/1.0 command.
The following is echoed back to you:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Fri, 11 Jul 2003 16:59:53 GMT
Content-Type: text/html
. . . HTML text of the default page . . .
In the previous example, you can see that the Web server is Microsoft's Internet Information Server (IIS) Version 5.1.
If you can modify the HTTP headers, make the Server setting return a generic name, like WebServer. Consult your Web server's documentation to see if it is possible and how to modify the HTTP headers.