0

When we install Apache Web Server on respective Enterprise Linux when attacker is checking for the server signature it reveals the version of Apache Web Servers on respective Enterprise Linux. When the curl command is executed in terminal it shows the complete web server details including package name and version numbers. This tutorial show how to turn off the Server Signature of Apache Web Server.

How to Disable Server Signature of Apache Web Server

Step-1 (Install the Apache Web Server)

How to install the Apache Web Server is provided in the given tutorial.

Step-2 (Check for the Server Signature)
[root@techbrown ~]# curl --head http://techbrown.com
Sample Output
HTTP/1.1 403 Forbidden
Date: Wed, 29 Jun 2016 16:52:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

The given line shows server signature is enabled on your Apache Web Server

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
Step-3 (Dealing with Disabling Server Tokens for Apache Web Server)
[root@techbrown ~]# vim /etc/httpd/conf/httpd.conf

Add these line to last line of configuration file

ServerTokens Prod
Step-4 (Restart the Apache Web Server)
[root@techbrown ~]# systemctl restart httpd
Step-5 (Check for the Server Signature)
[root@techbrown ~]# curl --head http://techbrown.com
Sample output
HTTP/1.1 403 Forbidden
Date: Wed, 29 Jun 2016 17:10:25 GMT
Server: Apache
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

The given line shows the server signature has been successfully disabled from your Apache Web Server.

Server: Apache

That’s all for now.

How to Configure Awstats for Apache on CentOS / RHEL

Previous article

How to Configure Apache Tomcat Server on CentOS / RHEL

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

More in Linux