====== Apache - Harden Apache - Hide web server version from appearing in HTTP header ======
Add these lines to /etc/apache2/apache2.conf:

  ServerTokens Prod
  ServerSignature Off

**ServerTokens** controls how much information is sent in the Server response header. Options available for ServerTokens include:

  * ServerTokens Prod[uctOnly] - Server sends (e.g.): Server: Apache
  * ServerTokens Major - Server sends (e.g.): Server: Apache/2
  * ServerTokens Minor - Server sends (e.g.): Server: Apache/2.0
  * ServerTokens Min[imal] - Server sends (e.g.): Server: Apache/2.0.41
  * ServerTokens OS - Server sends (e.g.): Server: Apache/2.0.41 (Unix)
  * ServerTokens Full (or not specified) - Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

**ServerSignature** configures the trailing footer line that Apache adds under server-generated documents, such as error messages and mod_proxy FTP directory listings. Setting it to Off suppresses the footer line.

Once added, restart or reload Apache to activate the changes:

  /etc/init.d/apache2 restart

To check the header, you can use curl:

  curl -I www.foo.net

where -I tells curl to fetch only the HTTP headers.

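This returns the response headers. The sample below comes from a server that still reveals its version and OS; with ServerTokens Prod in effect, the last line reads only Server: Apache.

  HTTP/1.1 200 OK
  Content-Type: text/html; charset=utf-8
  Server: Apache/2.2.15 (Red Hat)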
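
The curl check above can be scripted so that it reports which ServerTokens level a response corresponds to. This is an added example, not part of the original page; the function names and the SAMPLE variable are hypothetical, and the sample input is constructed from the response shown above.

```shell
#!/bin/sh
# Added example: grade the Server header against the ServerTokens levels.

# Print the Server header value from HTTP response headers on stdin.
# Header names are case-insensitive and lines end in CRLF.
server_header() {
    tr -d '\r' | awk '
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            print
            exit
        }'
}

# Map a Server header value to the ServerTokens level that produces it.
# Order matters: the most detailed forms are tested first.
tokens_level() {
    case "$1" in
        "")                 echo "none" ;;
        Apache)             echo "Prod" ;;
        Apache/*") "?*)     echo "Full" ;;
        Apache/*" ("*")")   echo "OS" ;;
        Apache/*.*.*)       echo "Min" ;;
        Apache/*.*)         echo "Minor" ;;
        Apache/*)           echo "Major" ;;
        *)                  echo "unknown" ;;
    esac
}

# Read response headers on stdin; succeed only for Prod or an absent header.
check_headers() {
    value=$(server_header)
    level=$(tokens_level "$value")
    echo "Server: ${value:-(absent)} -> ServerTokens level: $level"
    [ "$level" = "Prod" ] || [ "$level" = "none" ]
}

# Constructed sample: the response shown on this page, with CRLF line ends.
SAMPLE='HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nServer: Apache/2.2.15 (Red Hat)\r\n\r\n'

# Live use would be: curl -sI www.foo.net | check_headers
printf '%b' "$SAMPLE" | check_headers || echo "version information is disclosed"
```

The non-zero exit status of check_headers makes it usable in a monitoring job or post-deployment check that should fail when the header reveals more than the product name.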