apache_security_version
Hiding apache version
If you run a curl on your website similar to the curl below, does it return apache versions?
This is NOT secure. We will now make a simple change to the httpd.conf or apache2.conf file to hide this
Example curl:
curl -LIsX GET lukeslinux.co.uk | grep -i apache
| Value | Description |
|---|---|
| ServerTokens Prod | This will configure apache not to send any version numbers in the HTTP header |
| Server Signature Off | This will make sure apache does not display version number in footer of server generated pages |
To hide the php value, turn the following value Off
ServerSignature On;You will also need to change the following value:
ServerTokens ProdRestart apache and you are done. Test again by rerunning the curl command.
apache_security_version.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1