User Tools

Site Tools


apache_security_version

Hiding apache version

If you run a curl on your website similar to the curl below, does it return apache versions?
This is NOT secure. We will now make a simple change to the httpd.conf or apache2.conf file to hide this

Example curl:

curl -LIsX GET lukeslinux.co.uk | grep -i apache

Value Description
ServerTokens Prod This will configure apache not to send any version numbers in the HTTP header
Server Signature Off This will make sure apache does not display version number in footer of server generated pages

To hide the php value, turn the following value Off

ServerSignature On;
You will also need to change the following value:
ServerTokens Prod
Restart apache and you are done. Test again by rerunning the curl command.

apache_security_version.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki