Objective
Avoid exposing the version of Apache the web server is running, which can aid attackers.
Solution
Go to Geek Flare’s Test Site and check your website’s HTTP Response Header. With a default Apache configuration, the HTTP Response Header will expose Apache’s version and OS:
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Edit your Apache configuration file /etc/apache2/httpd.conf and add the following:
ServerTokens Prod
ServerSignature Off
The ServerTokens directive will change the header to only display the web server type.
The ServerSignature directive will remove the version information from the pages generated by Apache.
Reload Apache
[root@nowherelan]# systemctl reload httpd.service
Check your website’s HTTP Response Header again. Now it should only show
Server: Apache
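The same before/after check can be scripted locally instead of relying on a third-party test site. This is an added example, not part of the original post; the function names are hypothetical, the sample responses are constructed from the two header values shown above, and the URL in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: flag a Server response header that discloses version or OS.

# Print the value of the Server header from raw response headers on stdin.
server_header() {
    # Header names are case-insensitive; drop the CR that ends HTTP lines.
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Exit status: 0 = version/OS detail present, 1 = bare product name only,
# 2 = no Server header in the input.
server_header_leaks() {
    _value=$(server_header)
    if [ -z "$_value" ]; then
        return 2
    fi
    case "$_value" in
        */[0-9]*|*\(*\)*) return 0 ;;   # "Apache/2.4.6" or "(CentOS)"
        *) return 1 ;;
    esac
}

# Constructed samples: the header before and after ServerTokens Prod.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'
}

for sample in sample_before sample_after; do
    if $sample | server_header_leaks; then
        echo "LEAK: $($sample | server_header)"
    else
        echo "ok:   $($sample | server_header)"
    fi
done

# Against a live server (placeholder URL):
#   curl -sI https://www.example.com/ | server_header_leaks && echo "version exposed"
```

This covers only the response header; the effect of ServerSignature shows up in Apache-generated pages such as error pages, which need a separate look.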
My System Configuration
- CentOS 7
- Apache 2.4
Excellent information