How do I find the version of Apache running without access to the command line?

Question

I need to either find a file in which the version is encoded or a way of polling it across the web so it reveals its version. The server is running at a host who will not provide me command line access, although I can browse the install location via FTP.

I have tried HEAD and do not get a version number reported.

If I try a missing page to get a 404 it is intercepted, and a stock page is returned which has no server information on it. I guess that points to the server being hardened.

Still no closer...

I put a PHP file up as suggested, but I can't browse to it and can't quite figure out the URL path that would load it. In any case I am getting plenty of access denied messages and the same stock 404 page. I am taking some comfort from knowing that the server is quite robustly protected.

Answer 1

The method

Connect to port 80 on the host and send it

HEAD / HTTP/1.0

This needs to be followed by carriage-return + line-feed twice

You'll get back something like this

HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 12:39:43 GMT
Server: Apache/2.2.9 (Ubuntu) DAV/2 SVN/1.5.0 PHP/5.2.6-1ubuntu4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 02 Aug 2007 20:50:09 GMT
ETag: "438118-197-436bd96872240"
Accept-Ranges: bytes
Content-Length: 407
Connection: close
Content-Type: text/html; charset=UTF-8

You can then extract the apache version from the Server: header

Typical tools you can use

You could use the HEAD utility which comes with a full install of Perl's LWP library, e.g.

HEAD http://your.webserver.com/

Or, use the curl utility, e.g.

 curl --head http://your.webserver.com/

You could also use a browser extension which lets you view server headers, such as Live HTTP Headers or Firebug for Firefox, or Fiddler for IE

Stuck with Windows?

Finally. if you're on Windows, and have nothing else at your disposal, open a command prompt (Start Menu->Run, type "cmd" and press return), and then type this

telnet your.webserver.com 80

Then type (carefully, your characters won't be echoed back)

HEAD / HTTP/1.0

Press return twice and you'll see the server headers.

Other methods

As mentioned by cfeduke and Veynom, the server may be set to return limited information in the Server: header. Try and upload a PHP script to your host with this in it

<?php phpinfo() ?>

Request the page with a web browser and you should see the Apache version reported there.

You could also try and use PHPShell to have a poke around, try a command like

/usr/sbin/apache2 -V

Answer 2

httpd -v will give you the version of Apache running on your server (if you have SSH/shell access).

The output should be something like this:

Server version: Apache/2.2.3
Server built:   Oct 20 2011 17:00:12

As has been suggested you can also do apachectl -v which will give you the same output, but will be supported by more flavours of Linux.

Answer 3

Rarely, a hardened HTTP server is configured to give no server information or misleading server information. In those scenarios if the server has PHP enabled you can add:

<?php phpinfo(); ?>

in a file and browse to it and look for the

_SERVER["SERVER_SOFTWARE"]

entry. This is susceptible to the same hardening lack of information/misleading though I would imagine that it's not altered often, because this method first requires access to the machine to create the PHP file.

Answer 4

Warning, some Apache servers do not always send their version number when using HEAD, like in this case:

HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 13:09:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.6RC4-pl0-gentoo
Set-Cookie: PHPSESSID=a97a60f86539b5502ad1109f6759585c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html



Connection to host lost.

If PHP is installed then indeed, just use the php info command:

<?php phpinfo(); ?>

Answer 5

The level of version information given out by an Apache server can be configured by the ServerTokens setting in its configuration.

I believe there is also a setting that controls whether the version appears in server error pages, although I can't remember what it is off the top of my head. If you don't have direct access to the server, and the server administrator is competent and doesn't want you to know the version they're running... I think you may be SOL.

Answer 6

Telnet to the host at port 80.

Type:

get / http1.1
::enter::
::enter::

It is kind of an HTTP request, but it's not valid so the 500 error it gives you will probably give you the information you want. The blank lines at the end are important otherwise it will just seem to hang.

Answer 7

Simply use something like the following - the string should be there already:

<?php
   if(isset($_SERVER['SERVER_SOFTWARE'])){
      echo $_SERVER['SERVER_SOFTWARE'];
   }
?>

Answer 8

If they have error pages enabled, you can go to a non-existent page and look at the bottom of the 404 page.

Answer 9

In the default installation, call a page that doesn't exist and you get an error with the version at the end:

Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
10/03/08 14:41:45
Apache/2.2.8 (Win32) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_autoindex_color PHP/5.2.5

Answer 10

Your best option is through PHP: All version requests from the client side cannot be trusted since your Apache could be configured with ServerTokens Prod and ServerSignature Off. See: http://www.petefreitag.com/item/419.cfm

Answer 11

Use this PHP script:

 $version = apache_get_version();
    echo "$version\n";

Se apache_get_version.