Helicon Ape hacks: Pretend as Apache

Saturday, December 27, 2008
Hi,

I'm going to show you a simple way to make your IIS web server pretend to be Apache. The method is based on the Helicon Ape tool. As a reminder, Helicon Ape is an Apache emulator for the IIS execution environment. It emulates some Apache modules, and HeliconTech is going to extend Ape's functionality in the future.

We need only one Helicon Ape module now: mod_headers. It lets you manage request and response HTTP headers. Be aware, though, that there are a few technical differences between mod_headers for Apache and for Helicon Ape. Apache does not allow some basic headers to be modified, so the method described here is not appropriate for it.

Ok. Let's do it.

As I said above, I'm going to modify HTTP headers. If we want to disguise a server, we have to modify the response headers. I requested http://localhost:80/index.html under IIS7 and got these response headers:

The same request under Apache gives me these headers:

You can see that the Server and X-Powered-By headers give my IIS server away. What can we do about that? I think we have to remove the X-Powered-By header and set a new value for the Server header.

Here is the rule for the .htaccess file that sets the Server header:

Header set Server "Apache/2.2.9 (Win32) PHP/5.2.6"

To remove X-Powered-By we could use this rule:

Header unset X-Powered-By

Unfortunately, this does not work for X-Powered-By, because the component that sets it runs after Helicon Ape. You can remove the header manually in IIS Manager:



Finally, the response should look like this:

and this is what I wanted.
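
Added example (not part of the original post and not Helicon Ape code): a small Python model of why `Header set Server` takes effect while `Header unset X-Powered-By` does not, and how to check the final response for headers that still give the platform away. The two-stage ordering, the function names and the sample IIS header values are assumptions constructed for illustration.

```python
import shlex

# Constructed sample: headers an IIS 7 response might carry before any rule runs.
ORIGINAL = {"Content-Type": "text/html", "Server": "Microsoft-IIS/7.0"}

# The two rules from the post, as they would appear in .htaccess.
HTACCESS = '''
Header set Server "Apache/2.2.9 (Win32) PHP/5.2.6"
Header unset X-Powered-By
'''

def parse_rules(text):
    """Parse `Header set <name> <value>` and `Header unset <name>` lines."""
    rules = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) < 2 or parts[0].lower() != "header":
            continue
        action = parts[1].lower()
        if action == "set" and len(parts) == 4:
            rules.append(("set", parts[2], parts[3]))
        elif action == "unset" and len(parts) == 3:
            rules.append(("unset", parts[2], None))
        else:
            raise ValueError(f"unsupported rule: {line!r}")
    return rules

def apply_rules(headers, rules):
    """Stage 1 (assumed): the mod_headers-style rules edit the response."""
    out = dict(headers)
    for action, name, value in rules:
        # Header names are case-insensitive: drop any existing spelling first.
        for key in [k for k in out if k.lower() == name.lower()]:
            del out[key]
        if action == "set":
            out[name] = value
    return out

def respond(custom_headers):
    """Stage 2 (assumed): the server adds its custom headers after stage 1."""
    return {**apply_rules(ORIGINAL, parse_rules(HTACCESS)), **custom_headers}

def disclosing(headers):
    """Names of headers that still identify the real platform."""
    return sorted(k for k, v in headers.items()
                  if k.lower() == "x-powered-by" or "iis" in v.lower())

if __name__ == "__main__":
    for label, custom in (("default", {"X-Powered-By": "ASP.NET"}),
                          ("removed in IIS Manager", {})):
        print(label, "->", disclosing(respond(custom)))
```

With the default custom header still configured, the unset rule has nothing to remove when it runs, so X-Powered-By survives; once the header is removed on the server side, the check comes back empty.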

P.S.: This note has no security context, because there are a lot of smart hacker tools, e.g. nmap, that are able to tell much more about your web server. I just wanted to show how Helicon Ape can be used.
