
These are the default response headers before applying mod_headers.

  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 01:54:46 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Server:
    Apache

 

1. set Nickname "HelloWorld" -> success

<IfModule mod_headers.c>
Header set Nickname "HelloWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 01:55:32 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    HelloWorld
  10. Server:
    Apache

 

2. add Nickname "HelloWorld" -> success

<IfModule mod_headers.c>
Header add Nickname "HelloWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 01:56:07 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    HelloWorld
  10. Server:
    Apache

 

3. append Nickname "HelloWorld" -> success

<IfModule mod_headers.c>
Header append Nickname "HelloWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 01:56:46 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    HelloWorld
  10. Server:
    Apache

 

So, can the "Server" header, which is one of Apache HTTP Server's security weaknesses, be removed with mod_headers?

This time, let's try set, add, and append against the already existing "Server" header.

 

4. set Server "HelloWorld" -> Fail

  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:17:38 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Server:
    Apache

 

5. add Server "HelloWorld" -> Fail

  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:18:25 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Server:
    Apache

 

6. append Server "HelloWorld" -> Fail

  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:19:30 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Server:
    Apache

 

Then I wondered whether unset might work, but...

 

7. unset Server "HelloWorld" -> Fail

 

Now let's go back to Nickname and run a few more tests.

 

8. set Nickname "HelloWorld" & set Nickname "GoodbyeWorld" -> the header is created with the value of the last set, GoodbyeWorld

<IfModule mod_headers.c>
Header set Nickname "HelloWorld"
Header set Nickname "GoodbyeWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:33:23 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    GoodbyeWorld
  10. Server:
    Apache

 

9. add Nickname "HelloWorld" & add Nickname "GoodbyeWorld" -> two headers named Nickname are created

<IfModule mod_headers.c>
Header add Nickname "HelloWorld"
Header add Nickname "GoodbyeWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:35:29 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    GoodbyeWorld
  10. Nickname:
    HelloWorld
  11. Server:
    Apache

 

10. append Nickname "HelloWorld" & append Nickname "GoodbyeWorld" -> the header values are created separated by a , (comma)

<IfModule mod_headers.c>
Header append Nickname "HelloWorld"
Header append Nickname "GoodbyeWorld"
</IfModule>
  1. Accept-Ranges:
    bytes
  2. Connection:
    Keep-Alive
  3. Content-Length:
    25
  4. Content-Type:
    text/html
  5. Date:
    Sun, 07 Jun 2015 02:36:11 GMT
  6. ETag:
    "1417c3-19-517e24e68866d"
  7. Keep-Alive:
    timeout=3, max=100
  8. Last-Modified:
    Sun, 07 Jun 2015 00:07:09 GMT
  9. Nickname:
    HelloWorld, GoodbyeWorld
  10. Server:
    Apache
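
The set/add/append/unset results of tests 1-10, reproduced as a small model. This is an added example, not code from the original post or from Apache. The function names, the tuple format and the final "core writes Server last" step are assumptions of the model, chosen to match the Fail results of tests 4-7.

```python
# Simplified model of mod_headers actions on the response header table.
# Assumption: the server core emits its own Server header after mod_headers
# has run, which is why tests 4-7 on this page still show "Server: Apache".

SERVER_BANNER = "Apache"  # banner value seen in the page's output


def apply_directives(directives, base=None):
    """Apply (action, name, value) tuples in order; return [(name, value)]."""
    headers = list(base or [])
    for action, name, value in directives:
        key = name.lower()
        if action == "set":
            # replace any existing header of that name with a single value
            headers = [h for h in headers if h[0].lower() != key]
            headers.append((name, value))
        elif action == "add":
            # always emit another header line, even if the name exists
            headers.append((name, value))
        elif action == "append":
            # merge into the existing header as a comma-separated list
            idx = [i for i, h in enumerate(headers) if h[0].lower() == key]
            if idx:
                old_name, old_value = headers[idx[0]]
                headers[idx[0]] = (old_name, old_value + ", " + value)
            else:
                headers.append((name, value))
        elif action == "unset":
            headers = [h for h in headers if h[0].lower() != key]
        else:
            raise ValueError("unsupported action: %s" % action)
    # Modelled core step: discard any Server entry and send the banner.
    headers = [h for h in headers if h[0].lower() != "server"]
    headers.append(("Server", SERVER_BANNER))
    return headers


def values(headers, name):
    """All values sent for one header name, in emission order."""
    return [v for n, v in headers if n.lower() == name.lower()]


if __name__ == "__main__":
    for action in ("set", "add", "append"):
        out = apply_directives([(action, "Nickname", "HelloWorld"),
                                (action, "Nickname", "GoodbyeWorld")])
        print(action, values(out, "Nickname"))
    print(values(apply_directives([("unset", "Server", None)]), "Server"))
```
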