AnsweredAssumed Answered

Need help with Apache

Question asked by Skip Hong on Apr 17, 2014
Latest reply on Apr 20, 2014 by djprakash

In light of "Apache Web Server ETag Header Information Discloure Weakness" picked up from the scan result on a server in our environment, we followed the recommended solution to configure FileETag directive in httpd.conf as follows:

 

<Directory />

    Options -Indexes FollowSymLinks

    AllowOverride None

    Order allow,deny

    Allow from all

    FileETAG-Inode

</Directory>

 

After the change, we still pick up the same vulnerability on the server. 

 

I am not an expert on the Apache web server.  Can someone please help?

 

Thanks,

Outcomes