Apache: how to hide server version and operating system from users?

Simple:

sudo nano /etc/apache2/conf-enabled/security.conf

Then:

  • change ServerTokens OS to ServerTokens Prod
  • change ServerSignature On to ServerSignature Off

Restart Apache:

sudo service apache2 restart

This article may also help you: Hide Apache Information


To also hide the name "Apache":

sudo apt-get install libapache2-mod-security2

Then add this to /etc/apache2/apache.conf (you can use any name; here I've used a space):

<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Min
    SecServerSignature " "
</IfModule> 

and restart Apache:

sudo service apache2 restart

For a full write up incorporating the answer by @ShanuTThankachan see here.


You didn't give enough information about the OS/distribution, etc.

But in Ubuntu's Apache installation, apache2.conf looks like this:

<cut>
Include httpd.conf
Include ports.conf
Include conf.d/
Include sites-enabled/

And in conf.d/security you can see:

ServerTokens OS

Just check your configs; somewhere it gets overwritten after you set it in your httpd.conf.
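
A way to check for the override problem described in the answers above, added here as an example and not written by any of the answerers. It lists every active ServerTokens, ServerSignature and SecServerSignature directive, then classifies the Server header the host actually returns. The function names are hypothetical, and the paths assume the Debian/Ubuntu layout under /etc/apache2.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Apache.
# Assumes the Debian/Ubuntu layout under /etc/apache2.

# Print every active (uncommented) banner directive as file:line:text,
# following the *-enabled symlinks, so a later file that overrides
# your setting is easy to spot.
find_banner_directives() {
    local root="${1:-/etc/apache2}"
    { grep -RnEi \
        '^[[:space:]]*(ServerTokens|ServerSignature|SecServerSignature)[[:space:]]' \
        "$root/apache2.conf" "$root/conf-enabled" \
        "$root/mods-enabled" "$root/sites-enabled" 2>/dev/null || true; } | sort
}

# Classify the Server header in a block of response headers.
# Prints: absent | blank | product-only | leaks-detail
classify_server_header() {
    local line value
    line=$(printf '%s\n' "$1" | tr -d '\r' | grep -i -m1 '^Server:') \
        || { echo "absent"; return 0; }
    value=$(printf '%s' "${line#*:}" | tr -d '[:space:]')
    case "$value" in
        "")              echo "blank" ;;         # e.g. SecServerSignature " "
        *[0-9]*|*"("*)   echo "leaks-detail" ;;  # version number or (OS)
        *)               echo "product-only" ;;  # e.g. "Apache"
    esac
}

# Usage on a live host (after restarting Apache):
#   find_banner_directives /etc/apache2
#   classify_server_header "$(curl -sI http://localhost/)"
```

If the first function shows the same directive in more than one file with different values, that is the conflict to resolve before the header will change.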
