When you install Apache on your server, it displays the version of your Apache web server installed on your server along with the OS name of your server in Error pages. It also list the information about Apache modules installed in your server which can cause the security issue on your server.

Show-Server-Info

 

In above picture, you can see a 404 error page where Apache is showing its version with the OS installed in server. This may be a major security issue to your web server. To prevent to display these information to the world, you need to make some changes in Apache main configuration file.

Open configuration file with in your favorite editor and search for “ServerSignature”, its by default On. We need to Off and the second line “ServerTokens Prod” tells Apache to return only Apache as product in the server response header on the every page request, It suppress the OS, major and minor version info.

ServerSignature Off
ServerTokens Prod

Restart Apache/httpd

Happy Security!!!

Advertisements