Sunday, 20 August 2017

How to Disable Apache/httpd version/ ServerSignature

We can hide Apche/httpd to show versions and other information by adding two parameters ServerSignature and ServerTokens. By setting this ServerSignature off and ServerTokens Prod we restrict to display Apache/httpd version for clients.

We can disable Apache/httpd server signature by editing Apache/httpd configuration files.
Add the following two parameters at the end of Apache/httpd configuration file.

The ServerSignature Off parameter will restrict to show Apache/httpd version information on any error pages.

The second parameter ServerTokens Prod will restrict to show apache/httpd token in HTTP response headers.

[root@linuxcnf ~]# vi /etc/httpd/conf/httpd.conf
ServerSignature Off
ServerTokens Prod

Save and close the file and restart apache/httpd service to make change persistent:

[root@linuxcnf ~]# service httpd reload

No comments:

Post a comment