1

We have Apache 2.4.34 on a Red Hat Linux Server and I need to remove Server: Apache from the response header.

Is there any easy way to do that without mod_security? If we need to do it with mod_security only, I have checked the Apache 2.4 documentation and it appears Apache 2.4 wont come with mod_security by default.

  • Can any one tell me the detailed steps how to install mod_security on Red Hat Linux?
  • Does mod_security have to be separate from Apache?
  • How we can configure or make Apache 2.4 to use mod_security?
  • Do we just need to configure in httpd.conf the same as we load other modules?
SharpC
  • 6,974
  • 4
  • 45
  • 40
Aravind
  • 93
  • 1
  • 3
  • 8
  • Possible duplicate of [Can't remove Server: Apache header](https://stackoverflow.com/questions/35360516/cant-remove-server-apache-header) – Barry Pollard Oct 17 '19 at 08:34
  • You can't do it lol. Apache makes excuses but at the end of the day, exposing your server tech is what lets them claim X number of installs on public web servers, in their marketing materials. It's in their commercial interest to hardcode this header, so they will not allow you to remove it unless you make your own custom Apache build. – Andrew Koster Jan 22 '20 at 02:14
  • See [my answer here](https://stackoverflow.com/questions/35360516/cant-remove-server-apache-header#65883445) which should hopefully answer all your questions. – SharpC Jan 26 '21 at 11:05
  • @SharpC If I had only come across that six months ago and you had posted that six months ago. Meh, I don't have the time to test it out right now. Andrew's comment is correct *except* that if Sharp's answer on the other thread is incorrect it's still technically open source software so it could technically still be accomplished though one would have to compile Apache and that is a massive headache in and of itself. – John Jan 26 '21 at 12:49
  • 1
    @John sure thing, I have tested it through much pain and investigation, so it should work unless newer versions don't behave the same. :-) – SharpC Jan 26 '21 at 13:17
  • See https://stackoverflow.com/questions/35360516/cant-remove-server-apache-header/66667833#66667833 this can help on how to edit the source. – Example person Mar 17 '21 at 06:56
  • *Is there any easy way to do that without mod_security?*, editing the source is the only other way. – Example person Mar 17 '21 at 06:57

0 Answers0