Is there a way to prevent the Domino Server revealing specific information about the version of Server software being used?
I know it can be done using roles on internet sites. However i am not using this method to host my sites.
Any ideas?
Subject: Revealing server version - security risk
if you search in here you’ll find several ini varaibles to remove the server information from several different places.
Subject: RE: Revealing server version - security risk
I did search but got no hits. i’ll try again…
Subject: RE: Revealing server version - security risk
removing version from smtp received (inbound) field SMTPNoVersionInRcvdHdr=1
remove the servername from the smtp greeting
SMTPGreeting=your greeting text here
remove $MIMETrack on outgoing smtp messages
see
imap greetings are in the server configuration document
i don’t think the pop3 greeting can be changed as yet
Subject: RE: Revealing server version - security risk
Thanks a bunch Raymond. this helps greatly. I suppose if I want to suppress the server software in the HTTP response header I could do something like HTTPNoVersionInRcvdHdr=1 right?
Subject: RE: Revealing server version - security risk
i don’t think that’ll work. if you use internet site documents you could try adding a custom response header (that overwrites the server one) via a web site rule. not sure if it’ll work as i haven’t tried it (we don’t use site docs)
Subject: RE: Revealing server version - security risk
We dont use site docs either…so i’m trying the changes to the INI file. Will see if that works.