When we install Apache Web Server on respective Enterprise Linux when attacker is checking for the server signature it reveals the version of Apache Web Servers on respective Enterprise Linux. It shows the complete web server details including package name and version numbers. This tutorial shows the setting of Apache using step by step manner.

Step-1 (Check for the Server Signature)

Note: The Apache web server has installed. Make sure it is running.

First of all check website for Server signature. The given curl command is useful for checking the headers response of the website. The response code of the website shows you the details of server signature.

# curl --head http://techbrown.com

Sample Output

HTTP/1.1 403 Forbidden
Date: Wed, 29 Jun 2016 16:52:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

Then, The given line shows server signature is enabled on your Apache Web Server

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
Step-2 (Dealing with Disabling Server Tokens for Apache Web Server)

Secondly the the Apache configuration file show the server tokens which is useful for the disabling the server tokens.

# vim /etc/httpd/conf/httpd.conf

Now, Add these line to last line of configuration file. The term prod shows the Production systems in a production environment.

ServerTokens Prod

After doing restart the Apache Web Server

# systemctl restart httpd
Step-3 (Check for the Server Signature)

Finally after changing all the configuration now. Please proceed for curl command to check the response of apache web server.

# curl --head http://techbrown.com

Sample output

HTTP/1.1 403 Forbidden
Date: Wed, 29 Jun 2016 17:10:25 GMT
Server: Apache
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

The given line shows the server signature is disabled. The disabling of the Apache web server foot printing.

Server: Apache

Congratulation now you have turn off Apache server signature on CentOS and RHEL.