Interesting Notes.ini setting...
Category Software Development
While scanning the Knowledgebase this morning, I ran across this technote. Not a bad idea to make it a little harder for hackers to tell what your platform might be...
Problem:
When you go to a Domino web site and request a page, the HTML source displays the operating system platform and Domino version. How can you hide this header information?
<HTML>
<!-- Lotus-Domino (Release 5.0.1a - August 17, 1999 on Windows NT/Intel) -->
<HEAD>
Solution:
Beginning with R5.0.2, you can add the NOTES.INI parameter, DominoNoBanner=1, to suppress the header information.
Excerpt from the Lotus Notes and Lotus Domino Release 5.0.2 QMR fix list:
Web Server - Web Palette
- SPR# AWHN4A8QWM - Include a new notes.ini variable, "DominoNoBanner=1", to suppress the Domino version/platform information in HTML that is generated by the Web server [5.0.2]
An issue still exists in that the server information may be displayed (1) when the server generates an error page or (2) when you open a telnet session into the HTTP port of the server. This issue was reported to Lotus Quality Engineering and has been addressed in Domino 5.0.9.
Excerpt from the Lotus Notes and Domino Release 5.0.9 MR fix list (available at http://www.notes.net):
Web Server - Security
SPR# WRAY4X3JWB - The Web Server will no longer display the version of Domino running on HTTP when DominoNoBanner=1 is set in the notes.ini file
Supporting Information:
An enhancement request (SPR# SONL4BSSCX) has been submitted to have this option added to the Domino Web Engine tab in the Server document.
If a router or firewall uses Network Address Translation (NAT), then along with the server version, the internal IP address can be displayed in the Web server's response to the HTTP request. If you are unable to upgrade to Domino 5.0.9 or later, then this issue can be avoided by putting the fully qualified host name in the "Host Name" field of the Server document (Internet Protocols section, HTTP).
Related Documents:
Historical Number: 182595
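
A check an administrator could run over a captured response from their own server to confirm that DominoNoBanner=1 and the "Host Name" setting took effect. This is an added example, not part of the technote or the original post. The Server header format, the Location header carrying the internal address, and both sample responses are constructed assumptions.

```python
import ipaddress
import re

# Matches the HTML comment quoted in the technote.
BANNER_COMMENT = re.compile(r"<!--\s*Lotus-Domino \(Release [^)]*\)\s*-->")
# Assumption: the product name followed by a version number in a header value.
VERSION_IN_HEADER = re.compile(r"Lotus-Domino[/ ]\(?(?:Release )?\d+(?:\.\d+)+", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: no DominoNoBanner, IP address instead of a host name.
BEFORE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Lotus-Domino/5.0.1a\r\n"
    "Location: http://10.1.2.3/home.nsf\r\n"
    "\r\n"
    "<HTML>\n<!-- Lotus-Domino (Release 5.0.1a - August 17, 1999 "
    "on Windows NT/Intel) -->\n<HEAD>"
)
# Constructed sample: banner suppressed, fully qualified host name configured.
AFTER = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Lotus-Domino\r\n"
    "Location: http://www.example.com/home.nsf\r\n"
    "\r\n"
    "<HTML>\n<HEAD>"
)


def audit_response(raw: str) -> list:
    """Return disclosure findings for one raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        value = value.strip()
        if VERSION_IN_HEADER.search(value):
            findings.append(f"version in {name} header: {value}")
        for candidate in IPV4.findall(value):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    findings.append(f"internal address in {name} header: {candidate}")
            except ValueError:
                pass  # four dotted numbers that are not a valid address
    match = BANNER_COMMENT.search(body)
    if match:
        findings.append(f"banner comment in body: {match.group(0)}")
    return findings
```

Run it against both a normal page and an error page, since the technote notes that error pages kept showing the server information until 5.0.9.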



Comments
It is also a good idea to hide the SMTP Domino version via this notes.ini entry here:
{ Link }
Posted by Bernd Webster At 14:26:30 On 25/05/2009