26

I've read on one site that I need to add two lines to httpd.conf file:

ServerSignature Off

ServerTokens Prod

But when I've added them nothing changed. As previously I can see in my browser

Apache/2.2.16 (Debian)

Maybe that's important: When I opened file (I mean before adding above lines) httpd.conf I saw it's empty. I use VPS.

Thanks!

Community
  • 1
  • 1
Vitalii Ponomar
  • 10,686
  • 20
  • 60
  • 88

3 Answers3

45

Simple:

sudo nano /etc/apache2/conf-enabled/security.conf

Then:

  • change ServerTokens OS to ServerTokens Prod
  • change ServerSignature On to ServerSignature Off

Restart Apache :

sudo service apache2 restart

This article may also help you: Hide Apache Information

SharpC
  • 6,974
  • 4
  • 45
  • 40
Shanu T Thankachan
  • 993
  • 2
  • 8
  • 16
22

you didnt give enough information about os/distribution etc

but in ubuntu's apache installation apache2.conf looks like this:

<cut>
Include httpd.conf
Include ports.conf
Include conf.d/
Include sites-enabled/

and in conf.d/security you can see

ServerTokens OS

just check your configs, somewhere it gets overwritten after you set it in your httpd.conf

jackdoe
  • 1,846
  • 1
  • 15
  • 13
3

To also hide the name "Apache":

sudo apt-get install libapache2-mod-security2

Then add this to /etc/apache2/apache.conf (you can use any name, here I've used space):

<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Min
    SecServerSignature " "
</IfModule>

and restart Apache:

sudo service apache2 restart

For a full write up incorporating the answer by @ShanuTThankachan see here.

SharpC
  • 6,974
  • 4
  • 45
  • 40