When remote requests are sent to your Apache web server, by default, some valuable information such as the web server version number, server operating system details, installed Apache modules plus more, is sent along in server-generated documents back to the client.

Read Also: How to Hide Nginx Server Version in Linux

This is a good deal of information for attackers to exploit vulnerabilities and gain access to your web server. To avoid showing Web sever information, we will show in this article how to hide the information of Apache Web Server using particular Apache directives.

Suggested Read: 13 Useful Tips to Secure Your Apache Web Server

The two important directives are:


Which permits the adding of a footer line showing server name and version number under server-generated documents such as error messages, mod_proxy ftp directory listings, mod_info output plus many more.

It has three possible values:

  1. On – which allows the adding of a trailing footer line in server-generated documents,
  2. Off – disables the footer line and
  3. EMail – creates a “mailto:” reference; which sends a mail to the ServerAdmin of the referenced document.

It determines if the server response header field that is sent back to clients contains a description of the server OS-type and info concerning enabled Apache modules.

This directive has the following possible values (plus sample info sent to clients when the specific value is set):

ServerTokens Full (or not specified) Info sent to clients: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2 ServerTokens Prod[uctOnly] Info sent to clients: Server: Apache ServerTokens Major Info sent to clients: Server: Apache/2 ServerTokens Minor Info sent to clients: Server: Apache/2.4 ServerTokens Min[imal] Info sent to clients: Server: Apache/2.4.2 ServerTokens OS Info sent to clients: Server: Apache/2.4.2 (Unix) 

Note: After Apache version 2.0.44, the ServerTokens directive also controls the info offered by the ServerSignature directive.

Suggested Read: 5 Tips to Boost Performance of Apache Web Server

To hide web server version number, server operating system details, installed Apache modules and more, open your Apache web server configuration file using your favorite editor:

$ sudo vi /etc/apache2/apache2.conf #Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf #RHEL/CentOS systems 

And add/modify/append the lines below:

ServerTokens Prod
ServerSignature Off 

Save the file, exit and restart your Apache web server like so:

$ sudo systemctl restart apache2 #SystemD
$ sudo service apache2 restart #SysVInit

In this article, we explained how to hide the Apache web server version number plus lots more info about your web server using certain Apache directives.

If you are running PHP in your Apache web server, I suggest you to Hide PHP Version Number.

As usual, you can add your thoughts to this guide via the comment section below.

Facebook Comments

More Stuff

Emblematic Group and Mozilla Team Up to Showcase Next Generation o... Everything you share on the internet is a story. You read blog posts and watch videos that make you feel connected to people across the world. Virtual...
Latest Firefox Release is Faster than Ever With the introduction of the new Firefox Quantum browser in 2017 we changed the look, feel, and performance of our core product. Since then we have la...
Competing without a Marketing Budget: When All You Have is a Produ... This is a story about the power of a good landing page, PR efforts, and marketing strategy. The refreshing twist here is that instead of explaining ho...
The Ongoing Fiasco and Mysterious Afterlife of QuadrigaCX I’d say you were a little late to the cryptocurrency party if you haven’t heard about the ongoing catastrophe that’s been QuadrigaCX these past six ...
Spread the love

Posted by News Monkey