How to Hide Server Signature on Apache Web Server

r00t October 17, 2017

Hide Server Signature on Apache Web Server

In this tutorial we’ll learn how to hide server signature on apache web server. We will also install and configure its prerequisites. Server Signature is an important piece of information about your server and operating system. i.e. suppose, you are using an Apache server with CentOS operating system. The version number of Apache Server and Operating System information will be displayed in Server Signature.

I would recommend you to hide all sensitive Server Signature Information by disabling it. You can edit Apache configuration file or edit the Htaccess files, in order to minimize risk and to strengthen your system.

Hide Server Signature on Apache Web Server

Step 1. First, ensure your system and apt package lists are fully up-to-date by running the following:

apt-get update -y

Step 2. Disable Apache server signature

To hide web server version number, server operating system details, installed Apache modules and more, open your Apache web server configuration file using your favorite editor:

sudo nano /etc/apache2/apache2.conf  #Debian/Ubuntu systems
sudo nano /etc/httpd/conf/httpd.conf #RHEL/CentOS systems

And add/modify/append the lines below:

ServerTokens Prod
ServerSignature Off

After you add those lines, and reload apache:

sudo systemctl restart httpd

The results should look like this:

Before:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2017 12:20:30 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Connection: close
Content-Type: text/html; charset=UTF-8

After:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2017 13:06:21 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8

Congratulation’s! You have successfully disable Apache server signature on your CentOS server. Thanks for using this tutorial for installing hide server signature on apache web server on CentOS system.

Leave a Comment

Comments are closed.