Server Administration & Management

How to hide Apache version

Open Apache's httpd.conf file. Depending on the installation, it is at one of these paths:

# vi /usr/local/apache/conf/httpd.conf

or

# vi /etc/httpd/conf/httpd.conf

Look for the line that says "ServerSignature On" and change it to "ServerSignature Off". This hides the Apache version normally seen at the bottom of your 404 error pages. Then add "ServerTokens Prod" below that line to hide the version in HTTP response headers.

The possible ServerTokens values, and what the server sends for each:

ServerTokens Prod[uctOnly] : Server sends (e.g.): Server: Apache
ServerTokens Major : Server sends (e.g.): Server: Apache/2
ServerTokens Minor : Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal] : Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS : Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified) : Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Restart your HTTP service

# /etc/init.d/httpd restart

Done! No more Apache version numbers. The ServerTokens setting applies to the entire server and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.
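
To check the result rather than assume it, the following added example (not part of the original post) reads a config file and reports the effective ServerTokens and ServerSignature values, and tests whether a Server header still carries a version number. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a config file for the two directives discussed above.
# Assumption: the file is treated as flat; Include files and <VirtualHost> scoping are not resolved.

# effective_value FILE DIRECTIVE -> prints the last uncommented value.
# Directive names are matched case-insensitively, as Apache does.
effective_value() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { if (v != "") print v }
    ' "$1"
}

# audit_banner FILE -> prints one line per directive, returns 1 on any WARN.
audit_banner() {
    rc=0
    tokens=$(effective_value "$1" ServerTokens)
    sig=$(effective_value "$1" ServerSignature)
    case $(printf '%s' "$tokens" | tr '[:upper:]' '[:lower:]') in
        prod|productonly) echo "OK   ServerTokens $tokens" ;;
        '') echo "WARN ServerTokens unset, header defaults to Full"; rc=1 ;;
        *)  echo "WARN ServerTokens $tokens still sends version detail"; rc=1 ;;
    esac
    case $(printf '%s' "$sig" | tr '[:upper:]' '[:lower:]') in
        on|email) echo "WARN ServerSignature $sig adds a footer to error pages"; rc=1 ;;
        *) echo "OK   ServerSignature ${sig:-unset}" ;;
    esac
    return "$rc"
}

# header_leaks_version "Server: ..." -> returns 0 if a version number is present.
header_leaks_version() {
    printf '%s\n' "$1" | grep -Eiq '^Server:.*/[0-9]'
}

# Constructed sample: a config before the change, then with the two lines appended.
sample=$(mktemp)
printf '%s\n' '# ServerTokens Prod' 'ServerSignature On' 'servertokens OS' > "$sample"
audit_banner "$sample" || echo "=> banner not minimised"
printf '%s\n' 'ServerSignature Off' 'ServerTokens Prod' >> "$sample"
audit_banner "$sample" && echo "=> banner minimised"
rm -f "$sample"
```

After the restart, pass the Server line from a real response (for example from `curl -sI http://localhost/`) to `header_leaks_version` to confirm what the running server actually sends.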


April 18, 2011 | Apache, Security