Hope you guys are doing well.

I have one query. I have added the lines below to my Windows Apache httpd.conf file:

ServerSignature Off
ServerTokens Prod
HostnameLookups Off
TraceEnable off

And I am getting output like Server: Apache when using curl -I.

Actually, I am looking for output like Server: Unknown or Server: "".

Note: my Windows Apache version is Server version: Apache/2.4.46 (Win64).

Kindly help me with how I can hide this Server information as well, as it's a security threat to our instances.

Thanks

1 Answer

Apache says:

Also note that disabling the Server: header does nothing at all to make your server more secure. The idea of "security through obscurity" is a myth and leads to a false sense of safety.

You would need to modify the source code, or install mod_security, and then you can add:

SecRuleEngine On
SecServerSignature Unknown

You can modify the source code as follows: How to change Apache's 'Server:' header without mod_security?

To remove server header by editing source: https://stackoverflow.com/a/66667833/12154890 Editing the source is probably the only way to remove the Server: header completely.

Since you are using Windows, if you cannot install additional modules like mod_security or recompile, you cannot remove it.

Example person
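One way to check what these settings actually changed, as an added example that is not part of the original question or answer: it parses captured curl -I output and reports which ServerTokens level the Server header corresponds to and whether a version string is still exposed. The sample responses are constructed, and the function names are hypothetical.

```python
import re

# Server header shapes per ServerTokens level (Apache httpd docs), most verbose first.
LEVELS = [
    ("Full",  re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\) .+$")),
    ("OS",    re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\)$")),
    ("Min",   re.compile(r"^Apache/\d+\.\d+\.\d+$")),
    ("Minor", re.compile(r"^Apache/\d+\.\d+$")),
    ("Major", re.compile(r"^Apache/\d+$")),
    ("Prod",  re.compile(r"^Apache$")),
]

# Constructed `curl -I` outputs: before hardening, with ServerTokens Prod,
# and with mod_security's SecServerSignature Unknown.
SAMPLES = {
    "before": "HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
              "Server: Apache/2.4.46 (Win64)\r\nContent-Type: text/html\r\n\r\n",
    "prod":   "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n",
    "modsec": "HTTP/1.1 200 OK\r\nServer: Unknown\r\nContent-Type: text/html\r\n\r\n",
}

def server_header(raw):
    """Return the Server header value from `curl -I` output, or None if absent."""
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None

def classify(raw):
    """Map a response to the ServerTokens level its Server header matches."""
    value = server_header(raw)
    if value is None:
        return {"value": None, "level": "absent", "leaks_version": False}
    for level, pattern in LEVELS:
        if pattern.match(value):
            # Only Prod omits every version component.
            return {"value": value, "level": level, "leaks_version": level != "Prod"}
    # Anything else is a replaced value, e.g. one set through mod_security.
    leaks = bool(re.search(r"\d+\.\d+", value))
    return {"value": value, "level": "custom", "leaks_version": leaks}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```
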