diff --git a/nmap-service-probes b/nmap-service-probes index 794240cac..432d35403 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -10495,7 +10495,8 @@ match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticat match ssl/http m|^\n\n400 Bad Request\n\n

Bad Request

\n

Your browser sent a request that this server could not understand\.
\nReason: You're speaking plain HTTP to an SSL-enabled server port\.
\n.*

Apache/([\w._-]+) (.*) Server at ([\w._*-]+) Port \d+
|s p/Apache httpd/ v/$1/ i/$2; SSL-only mode/ h/$3/ cpe:/a:apache:http_server:$1/ # These lines don't have a strong enough match, so we only match ssl and let Nmap start over inside the tunnel. match ssl m|^\n\n400 Bad Request\n\n

Bad Request

\n

Your browser sent a request that this server could not understand\.
| p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/ -match ssl m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Apache[^\r\n]*\r\n.*\n\n400 Bad Request\n\n

Bad Request

\n

Your browser sent a request that this server could not understand\.
|s p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/ +# Too broad to be certain that it's SSL. Matched non-SSL at least once. +#match ssl m|^HTTP/1\.1 400 Bad Request\r\n(?:[^\r\n]+\r\n)*?Server: Apache[^\r\n]*\r\n.*\n\n400 Bad Request\n\n

Bad Request

\n

Your browser sent a request that this server could not understand\.
|s p/Apache httpd/ i/SSL-only mode/ cpe:/a:apache:http_server/ # Then look for detailed version info in the body which might be better quality than what's in the Server header. match http m|^.*

Apache/([\d.]+) \([^)]+\) ?(.*) Server at ([-\w_.]+) Port \d+
\n\n|si p/Apache httpd/ v/$1/ i/$2/ h/$3/ cpe:/a:apache:http_server:$1/ match http m|^.*
Apache/([\d.]+) \([^)]+\) Server at ([-\w_.]+) Port \d+
\n\n|si p/Apache httpd/ v/$1/ h/$2/ cpe:/a:apache:http_server:$1/