Hide apache web server version

It is possible to hide apache web server version and other information. This is done for security reasons. It is not a good idea to broadcast the version of the software that you are running on the server. You should have noticed the following details(or something similar) when an error page is displayed.

Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 Server at XXX.com Port 80

Add/Edit the two entries in the apache configuration file(httpd.conf)

ServerSignature Off
ServerTokens Prod

ServerSignature Off : tells apache not to display the server version on error pages, or other pages it generates.
ServerTokens Prod : tells apache to only return Apache in the Server header, returned on every page request.

Restart the webserver.

$ service httpd restart

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.