Hide Apache version from hackers

A first line of defense in the web application world is to expose as little information as possible in HTTP headers.

In this article we will see how easy it is to hide Apache's version number.

1. Keep a backup of file /etc/apache2/apache2.conf.

2. Open the /etc/apache2/apache2.conf file for editing. Ubuntu users can issue the following command:

sudo nano /etc/apache2/apache2.conf

3. Append to the file the following lines:

# Hide the Apache version in HTTP response headers
ServerTokens ProductOnly

# Hide the Apache version on server-generated pages (404 error pages etc.)
ServerSignature Off

4. Reload or restart Apache with one of the following commands:

sudo /etc/init.d/apache2 reload

sudo /etc/init.d/apache2 restart
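
To confirm that both directives took effect, the response to a request for a missing page can be checked for the version in the Server header and for the generated footer on the error page. The script below is an added example, not part of the original article; the two sample responses (including the version string 2.4.41) are constructed, and the URL in the comment is an assumption.

```shell
#!/bin/sh
# Added example: audit a saved HTTP response for Apache version disclosure.
# A real capture could come from: curl -si http://localhost/missing-page
# (URL is an assumption). The samples below are constructed, not real captures.

BEFORE=$(printf 'HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>\n<hr>\n<address>Apache/2.4.41 (Ubuntu) Server at localhost Port 80</address>\n')
AFTER=$(printf 'HTTP/1.1 404 Not Found\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>\n')

# ServerTokens check: true (0) if the Server header carries a version number.
# Only header lines (up to the first blank line) are examined.
header_leaks_version() {
    printf '%s\n' "$1" | tr -d '\r' | sed '/^$/q' |
        grep -Eiq '^Server:.*Apache/[0-9]'
}

# ServerSignature check: true (0) if the body has the generated footer,
# which names the server even when ServerTokens already hides the version.
signature_present() {
    printf '%s\n' "$1" | tr -d '\r' | sed '1,/^$/d' |
        grep -Eq '<address>Apache[^<]* Server at '
}

# Report both findings; returns 0 only when neither is present.
audit_response() {
    rc=0
    if header_leaks_version "$1"; then
        echo "FAIL: Server header shows a version (ServerTokens ProductOnly not in effect)"
        rc=1
    fi
    if signature_present "$1"; then
        echo "FAIL: error page has a server footer (ServerSignature Off not in effect)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no Apache version in the header or the error page"
    fi
    return "$rc"
}

echo "== before =="; audit_response "$BEFORE" || true
echo "== after ==";  audit_response "$AFTER"  || true
```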