Thursday, 20 December 2018

How to disable Server Signature using .htaccess

In its default configuration, Apache discloses sensitive server information such as the Apache version and the operating system version. Attackers can use this information to their advantage when performing an attack. You can disable the server signature by editing the .htaccess file to hide this information.
Step 1: Create or open the .htaccess file in the website's document root directory and add the following parameter to it:

[root@linuxcnf ~]# vi /var/www/html/.htaccess
ServerSignature Off

Step 2: Save and quit the file, then restart the Apache service:

[root@linuxcnf ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
[root@linuxcnf ~]#

Now when someone tries to access a nonexistent page on the web server, they will see the 404 error page but without the server signature.
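
To confirm the change took effect, the added example below (not part of the original post) audits a response for the signature footer and, separately, for a versioned Server header, which ServerSignature does not touch; that header is governed by ServerTokens in the main server configuration. The function names, hostname, version string and both sample responses are constructed for illustration.

```shell
# Audit one HTTP response (headers + body, as printed by `curl -si`) for
# the two places Apache can disclose its version.

# Constructed sample: 404 from Apache before the change.
SAMPLE_BEFORE='HTTP/1.1 404 Not Found
Server: Apache/2.4.6 (CentOS)
Content-Type: text/html; charset=iso-8859-1

<html><head><title>404 Not Found</title></head><body>
<p>The requested URL /no-such-page was not found on this server.</p>
<hr>
<address>Apache/2.4.6 (CentOS) Server at www.example.com Port 80</address>
</body></html>'

# Constructed sample: the same 404 with "ServerSignature Off" in effect.
SAMPLE_AFTER='HTTP/1.1 404 Not Found
Server: Apache/2.4.6 (CentOS)
Content-Type: text/html; charset=iso-8859-1

<html><head><title>404 Not Found</title></head><body>
<p>The requested URL /no-such-page was not found on this server.</p>
</body></html>'

# Prints the footer that ServerSignature On/EMail appends to
# server-generated pages; exit status 1 if there is none.
signature_footer() {
    printf '%s\n' "$1" | grep -Eio '<address>.*Server at .* Port [0-9]+</address>'
}

# Prints a Server response header that carries a product/version token.
versioned_server_header() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Ei '^Server:[[:space:]]*[^[:space:]]+/[0-9]'
}

# Summarises both checks on one line (runs in a subshell, no globals leak).
audit_response() (
    footer=absent; header=absent
    signature_footer "$1" >/dev/null && footer=present
    versioned_server_header "$1" >/dev/null && header=present
    echo "footer=$footer header_version=$header"
)

audit_response "$SAMPLE_BEFORE"
audit_response "$SAMPLE_AFTER"
# Live check (hypothetical host):
#   audit_response "$(curl -si http://www.example.com/no-such-page)"
```

If the footer is still reported as present after the change, check that AllowOverride for the document root permits the directive in .htaccess.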

