How to Hide Apache Version Number and Other Sensitive Info



The ServerTokens directive determines whether the Server response header field sent back to clients includes a description of the server OS type and information about enabled Apache modules.

This directive has the following possible values (plus sample info sent to clients when the specific value is set):

ServerTokens Full (or not specified)
Info sent to clients: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2

ServerTokens Prod[uctOnly]
Info sent to clients: Server: Apache

ServerTokens Major
Info sent to clients: Server: Apache/2

ServerTokens Minor
Info sent to clients: Server: Apache/2.4

ServerTokens Min[imal]
Info sent to clients: Server: Apache/2.4.2

ServerTokens OS
Info sent to clients: Server: Apache/2.4.2 (Unix)

Note: After Apache version 2.0.44, the ServerTokens directive also controls the info offered by the ServerSignature directive.

To hide the web server version number, server operating system details, installed Apache modules and more, open your Apache web server configuration file using your favorite editor:

$ sudo vi /etc/apache2/apache2.conf #Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf #RHEL/CentOS systems

And add/modify/append the lines below:

ServerTokens Prod
ServerSignature Off

Save the file, exit and restart your Apache web server like so:

$ sudo systemctl restart apache2 #SystemD
$ sudo service apache2 restart #SysVInit
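To confirm the change took effect, check what the Server header discloses after the restart. The script below is an added example, not part of the original article: its function names and the sample response are constructed, and its patterns follow the sample header values listed above. It covers only the Server header, not the error-page footer controlled by ServerSignature.

```shell
#!/bin/sh
# Added example: map a Server header value to the ServerTokens level that
# would produce it. Function names are hypothetical helpers, not Apache tools.

# Read raw response headers on stdin and print the Server field value.
extract_server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Print Prod, Major, Minor, Min, OS, Full or unknown for a header value.
# The body runs in a subshell so its variables do not leak to the caller.
classify_server_header() (
    v=$(printf '%s' "$1" | tr -d '\r' |
        sed -E 's/^[Ss]erver:[[:space:]]*//; s/[[:space:]]+$//')
    matches() { printf '%s\n' "$v" | grep -Eq "$1"; }
    if   matches '^Apache$';                                    then echo Prod
    elif matches '^Apache/[0-9]+$';                             then echo Major
    elif matches '^Apache/[0-9]+\.[0-9]+$';                     then echo Minor
    elif matches '^Apache/[0-9]+\.[0-9]+\.[0-9]+$';             then echo Min
    elif matches '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]+\)$';   then echo OS
    elif matches '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]+\) .+'; then echo Full
    else echo unknown
    fi
)

# Succeed only when the header carries no version, OS or module details.
header_is_hardened() {
    [ "$(classify_server_header "$1")" = "Prod" ]
}

# Constructed sample response (default "ServerTokens Full" behaviour).
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
Content-Type: text/html'

# Demo on the constructed sample and on the value expected after the change.
# Against a live server, replace the printf with: curl -sI http://localhost/
before=$(printf '%s\n' "$SAMPLE_RESPONSE" | extract_server_header)
for h in "$before" 'Apache'; do
    if header_is_hardened "$h"; then status=hardened; else status=leaking; fi
    printf '%-42s ServerTokens %-5s %s\n' "$h" "$(classify_server_header "$h")" "$status"
done
```

Any result other than Prod means the running server has not picked up the new setting, for example because a later ServerTokens line in an included file overrides it.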

In this article, we explained how to hide the Apache web server version number plus lots more info about your web server using certain Apache directives.

If you are running PHP on your Apache web server, I suggest you also hide the PHP version number.

