Hide apache web server version
It is possible to hide apache web server version and other information. This is done for security reasons. It is not a good idea to broadcast the version of the software that you are running on the server. You should have noticed the following details(or something similar) when an error page is displayed.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 Server at XXX.com Port 80
Add/Edit the two entries in the apache configuration file(httpd.conf)
ServerTokens Prod
ServerSignature Off : tells apache not to display the server version on error pages, or other pages it generates.
ServerTokens Prod : tells apache to only return Apache in the Server header, returned on every page request.
Restart the webserver.
Leave a Reply
You must be logged in to post a comment.