Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Completely hide server name apache

I have added these 2 lines in my etc/apache2.conf file, and it hid the OS and apache version.

ServerSignature Off
ServerTokens Prod

But after all I can see the header with server name

Server  Apache

How to hide this information as well ? I am using Debian 7, apache v 2.2

Thanks

like image 274
dav Avatar asked Oct 10 '14 10:10

dav


1 Answers

Apache on its own cannot completely unset the Server header (not even with mod_headers).

This appears to be by design, as discussed by the Apache devs.

There is a way to do this using ModSecurity, but I know little about that. Instead, these people have it all figured out already:

https://unix.stackexchange.com/questions/124137/change-apache-httpd-server-http-header

I can verify that this works, just tried on Debian 7.6.

edit: install mod security for apache and then add this in your apache2.conf.

<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Full
    SecServerSignature " "
</IfModule> 

After this restarting the apache, Server header will disappear

like image 98
Ramón Avatar answered Sep 28 '22 07:09

Ramón