Menu
How to Disable Server Signature by editing Htaccess/Apache? There are various ways to Disable Server Signature, and it totally depends upon your server. Here I will share few most commonly used server signature disabling methods for Apache. Disable Server Signature on Apache by editing config file.
Active7 months ago
I have added these 2 lines in my etc/apache2.conf file, and it hid the OS and apache version.
But after all I can see the header with server name
How to hide this information as well ?I am using Debian 7, apache v 2.2
Thanks
davdav5,86766 gold badges5757 silver badges114114 bronze badges
2 Answers
Apache on its own cannot completely unset the Server header (not even with mod_headers).
This appears to be by design, as discussed by the Apache devs.
There is a way to do this using ModSecurity, but I know little about that. Instead, these people have it all figured out already:
I can verify that this works, just tried on Debian 7.6.
edit:install mod security for apache and then add this in your
apache2.conf
.After this restarting the apache, Server header will disappear
dav5,86766 gold badges5757 silver badges114114 bronze badges
RamónRamón
It's equivalent of adding:
To the file:
George GarchagudashviliGeorge Garchagudashvili/etc/apache2/mods-available/security2.conf
5,4901212 gold badges3434 silver badges5050 bronze badges
Not the answer you're looking for? Browse other questions tagged apachedebianapache-config or ask your own question.
Active1 year, 11 months ago
I've read on one site that I need to add two lines to
httpd.conf
file:ServerSignature Off
ServerTokens Prod
But when I've added them nothing changed. As previously I can see in my browser
Apache/2.2.16 (Debian)
Maybe that's important: When I opened file (I mean before adding above lines)
httpd.conf
I saw it's empty. I use VPS.Thanks!
Vitalii PonomarVitalii Ponomar3,6701414 gold badges5252 silver badges7878 bronze badges
2 Answers
you didnt give enough information about os/distribution etc
but in ubuntu's apache installation apache2.conf looks like this:
and in conf.d/security you can see
just check your configs, somewhere it gets overwritten after you set it in your httpd.conf
jackdoejackdoe1,66411 gold badge1111 silver badges1212 bronze badges
simple,
Change
ServerTokens OS
to ServerTokens Prod
then Change ServerSignature On
to ServerSignature Off
Restart the apache2 :
also this article will help you Hide Apache Information
Carlos Robles8,97433 gold badges2929 silver badges5151 bronze badges
Shanu T ThankachanShanu T Thankachan