I have added these 2 lines in my etc/apache2.conf file, and it hid the OS and apache version.
ServerSignature Off
ServerTokens Prod
But after all I can see the header with server name
Server Apache
How to hide this information as well ? I am using Debian 7, apache v 2.2
Thanks
Apache on its own cannot completely unset the Server header (not even with mod_headers).
This appears to be by design, as discussed by the Apache devs.
There is a way to do this using ModSecurity, but I know little about that. Instead, these people have it all figured out already:
https://unix.stackexchange.com/questions/124137/change-apache-httpd-server-http-header
I can verify that this works, just tried on Debian 7.6.
edit:
install mod security for apache and then add this in your apache2.conf
.
<IfModule security2_module>
SecRuleEngine on
ServerTokens Full
SecServerSignature " "
</IfModule>
After this restarting the apache, Server header will disappear
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With