Yes you are free to disable the ezinfo/about page if you want. If I am not mistaken you can remove this by commenting out PolicyOmitList[]=ezinfo in your site.ini file. Users wanting to view the ezinfo/about will now require permission which they don`t have by default.
Look through the kernel/ directory for different modules/views which you might not need and can disable.
well, creating a virtual url to overide ezinfo/<anything> doest work on ezp 3.4.2
PolicyOmitList[]=ezinfo doest work too. Any ideas without the need to dig in the php code ?
Blocking or disabling ezinfo can be done in a couple of ways. On Apache you could add some .htaccess or RewiteRules and/or within eZ you could add some policy omit rules. But why? It's not going to make a site any more secure.
Is this a way of ( not ) solving a problem that doesn't exist?
What risks does this step resolve? I doubt that not announcing your version number and installed extensions is a way to secure a system. If the site is vulnerable to attack I don't think it would be because the ezinfo/about is working. Security through obscurity is not best practice... it's not even second-best. Your system needs to be made secure; even when everyone knows how it works. One reason why widely used opensource software tends towards being very secure.
