Apache - Harden Apache - Hide web server version from appearing in http header
Add these lines into /etc/apache2/apache2.conf:
ServerTokens Prod
ServerSignature Off
ServerTokens controls how much detail about the server is sent in the Server response header. Options available for ServerTokens include:
ServerTokens Prod[uctOnly]
    Server sends (e.g.): Server: Apache
ServerTokens Major
    Server sends (e.g.): Server: Apache/2
ServerTokens Minor
    Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
    Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
    Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
    Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
ServerSignature configures a trailing footer line under server-generated documents, such as error messages and mod_proxy FTP directory listings. Setting it to Off suppresses the footer line.
Once added, restart or reload Apache to activate the changes.
/etc/init.d/apache2 restart
To check for the header, you can use curl:
curl -I www.foo.net
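where -I tells curl to fetch only the HTTP headers.
It returns the response headers. In this example the Server line still shows the version and OS; with ServerTokens Prod active, that line reads Server: Apache.
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Apache/2.2.15 (Red Hat)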
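To turn the curl check into something a script can act on, the following added example (not part of the original page) maps a Server header onto the ServerTokens levels listed above and fails unless the header is at the Prod level or absent. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads HTTP response headers on
# stdin (e.g. from `curl -sI www.foo.net`) and prints the ServerTokens level
# that the Server header corresponds to.
classify_server_header() (
    # Header names are case-insensitive and lines end in CRLF; keep the last
    # Server header value with trailing blanks removed.
    value=$(tr -d '\r' |
        sed -n 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | tail -n 1)
    matches() { printf '%s\n' "$value" | grep -Eq "$1"; }
    if   [ -z "$value" ];                           then echo none
    elif [ "$value" = "Apache" ];                   then echo Prod
    elif matches '^Apache/[0-9]+$';                 then echo Major
    elif matches '^Apache/[0-9]+\.[0-9]+$';         then echo Minor
    elif matches '^Apache/[0-9]+\.[0-9]+\.[0-9]+$'; then echo Min
    elif matches '^Apache/[0-9.]+ \([^)]*\)$';      then echo OS
    elif matches '^Apache/[0-9.]+ \([^)]*\) .+$';   then echo Full
    else echo other   # not an Apache-style value (proxy, CDN, other server)
    fi
)

# Succeeds only when no version detail is exposed (Prod, or no Server header).
server_header_is_minimal() {
    case "$(classify_server_header)" in
        Prod|none) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample responses so the script runs offline.
SAMPLE_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nServer: Apache/2.2.15 (Red Hat)\r\n\r\n')
SAMPLE_AFTER=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nServer: Apache\r\n\r\n')

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | classify_server_header)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | classify_server_header)"
```

Against a live host, pipe `curl -sI www.foo.net` into `server_header_is_minimal` and use its exit status. A server set to Full that loads no modules adding their own tokens sends the same header as OS, so the result describes what is visible in the header rather than the configured value.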
apache/harden_apache/hide_web_server_version_from_appearing_in_http_header.txt · Last modified: 2023/07/17 11:13 by peter