Apache Security: Hide Apache Web Server Version number

Apache Security: Hide Apache Web Server Version number

Apache Web Server Version number with ServerSignature and ServerTokens directives

Open your httpd.conf file using text editor such as vi:

vi httpd.conf

There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

Append/modify config directive as follows:

ServerSignature Off
ServerTokens Prod

Save and close the file. Restart Apache web server:

/etc/init.d/httpd restart

Tags: , , , ,

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.