Kind folks,
When I have a directory listing, Apache spits out every version number, e.g.:
Apache/2.2.8 (Win32) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_autoindex_color PHP/5.2.5 Server at blahblahblah port blah
I'm really not a big fan of advertising security holes that I don't even know about -- why should I give extra information to someone who could find a security hole in my software? So I'd really, really like to disable this (and suggest that it be off by default in future versions of XAMPP, as it offers no useful information to users and potentially dangerous information to hackers).
I found suggestions for a CentOS install of Apache that suggested these be put in httpd.conf:
ServerSignature Off
ServerTokens ProductOnly
I did that, restarted the service, and still have the same problem, still have that big string of version numbers coming at me. I don't see directives anywhere else (e.g., within fancyindexing) that can suppress this.
Ideas? Suggestions?
Mike