401未授权页面显示服务器信息。这是安全问题吗?


1

我有密码保护我的/管理员目录,但当我按取消时,该站点显示401 Unauthorized页面

Unauthorized 
This server could not verify that you are authorized 
to access the document requested. Either you supplied the wrong 
credentials (e.g., bad password), or your browser doesn't understand 
how to supply the credentials required.
            Apache Server at www.my-domain.com Port 80

我的问题在于Apache服务器www.my-domain.com端口80我明白,对于haxors来说并不是真的很重要,是否需要从页面中删除它或者它不是问题?

Answers:


2

这应该不是问题,因为到达该页面可能需要该信息。例如,如果您在浏览器中访问www.mycompanysite.com/wherever,则假定您使用的是端口80(http)。此外,它提供服务器的外部/公共名称,因此不会发出内部信息。

话虽这么说,如果你想要改变401消息并不是一个挑战。(见这里:http//www.webmasterworld.com/apache/3680523.htm

By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.