How to disable server signature using .htaccess or by editing Apache?

by
Share this Article: Facebook0Google+8Twitter17LinkedIn2Reddit0StumbleUpon0

Question : How to disable server signature using .htaccess or by editing apache config file?

Answer:

Attackers can use server signature to their advantage when performing an attack, this is the reason why  it is always advised to disable the server signature.

There are 2 methods to do it

.

I tried to make this quick tip more detailed for Linux newbies

1- Using .htaccess:

Open your public_html folder (Browse public_html using ftp to display all hiden files)

Now to disable the server’s signature used to identify the server, use the following code in your .htaccess file:

 # Disable server signature
 ServerSignature Off

This will hide the Apache version normally seen at the bottom of your 404 error pages, directory listing..etc.

2- Disable signature by editing httpd.conf

There are two directives that you need to add, or edit in your httpd.conf / apache2.conf file:

For Ubuntu and LinuxMint edit apache conf using the following command (for Centos/Fedora edit httpd.conf):

cd /etc/apache2/
vi apache2.conf

and add these 2 lines at the bottom of the file:

ServerSignature Off
ServerTokens Prod

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache

When is done, restart apache:

/etc/init.d/httpd restart    CentOS/Fedora/RHEL sudo /etc/init.d/apache2 restart    Ubuntu/Debian/LinuxMint

Here are the results in my linuxmint:

Before:

After:


For questions please refer to our Q/A forum at : http://ask.unixmen.com/

Share this Article: Facebook0Google+8Twitter17LinkedIn2Reddit0StumbleUpon0