Apache: how to hide server version and operation system from users?
Simple:
sudo nano /etc/apache2/conf-enabled/security.conf
Then:
- change
ServerTokens OS
toServerTokens Prod
- change
ServerSignature On
toServerSignature Off
Restart Apache :
sudo service apache2 restart
This article may also help you: Hide Apache Information
To also hide the name "Apache":
sudo apt-get install libapache2-mod-security2
Then add this to /etc/apache2/apache.conf
(you can use any name, here I've used space):
<IfModule security2_module>
SecRuleEngine on
ServerTokens Min
SecServerSignature " "
</IfModule>
and restart Apache:
sudo service apache2 restart
For a full write up incorporating the answer by @ShanuTThankachan see here.
you didnt give enough information about os/distribution etc
but in ubuntu's apache installation apache2.conf looks like this:
<cut>
Include httpd.conf
Include ports.conf
Include conf.d/
Include sites-enabled/
and in conf.d/security you can see
ServerTokens OS
just check your configs, somewhere it gets overwritten after you set it in your httpd.conf