How to disable Server Signature in Apache server

Server signature is one of the easiest ways to find what type of operating system and Apache version is used in a web server. But this is also dangerous when coming to security, whenever a hacker comes to know what type of server and apache version, a hacker can easily track out the information and that leads away for hacking.

Before server signature is switched off if you type a wrong URL in the browser, the Apache server will respond like the requested URL is not found on the server with server signatures like operating system and apache version.

Let’s see how to disable the Server Signature in apache server. I’m using CentOS and I’ve installed apache server in CentOS.

Steps to disable server signature

1. Navigate to apache configuration and open the httpd.conf file using Vi editor.

[root@localhost ~]# cd /etc/httpd/conf/
[root@localhost conf]# vi httpd.conf

2. Find out server signature and turn it off.

3. Save the configuration and restart the httpd service.

[root@localhost conf]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@localhost conf]#

After restarting the httpd service, now you can try opening the wrong URL in the browser. Now the apache server signature will not be shown as in the below picture.

I hope this post is very useful for you.

2Comments

Add yours

1
Karthikeyan on October 1, 2016 at 8:07 am

@ Kxdemon thank u 🙂
2
kxdemon on October 1, 2016 at 8:07 am

Also u need to reconfigure ServerTokens directive to "Prod" value. It returns least information in HTTP response header about server. Check it by run this command: curl -v http://www.example.com

Steps to disable server signature

Share this:

Related