Hide Apache Version info from footer for a more secured webserver
I always hate that after a new install of Debian (which is my favourite server OS) and Apache2 (a very stable webserver) I get that footer on list and error pages that presents whoever visits that page with full info on the name and version of the modules installed. That's not very safe, because these days the web is full of exploits and I don't want some script kiddie to find a nice exploit and deface my website because of the info provided by Apache. So here is what you need to do to remove that information:
With the following command we edit the apache2 config file:
nano /etc/apache2/apache2.conf
Now press Ctrl+W to open the find prompt and search for “ServerTokens”. You will see a line that is usually set by default to ServerTokens Full; go ahead and change that line to ServerTokens Prod. With Prod, the server identifies itself only as Apache and nothing else.
Now press Ctrl+W again to open the find prompt and search for “ServerSignature”. You will see a line that is usually set by default to ServerSignature On; go ahead and change that line to ServerSignature Off. The ServerSignature directive configures the trailing footer line under server-generated documents.
Now press Ctrl+X and then Y to save the changes we made, and run the following command to reload the Apache config:
/etc/init.d/apache2 reload
Everything is done; you now have a more secured webserver.
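To confirm the edit took effect in the file, the following added example (not part of the original post) scans config files for the two directives and reports the value in force. The function names are hypothetical, and it assumes the files are passed in the order Apache reads them, that the last uncommented occurrence wins, and that Include lines and per-vhost overrides are not followed.

```shell
#!/bin/sh
# Added example: audit Apache config files for the two banner directives.
# Assumptions: files are listed in the order Apache reads them, the last
# uncommented occurrence wins, Include lines and vhost overrides are ignored.

# Print the last value set for directive $1 in files $3..., else default $2.
effective_directive() {
    name=$1; default=$2; shift 2
    awk -v name="$name" -v val="$default" '
        { sub(/#.*/, "") }                               # strip comments
        tolower($1) == tolower(name) && NF >= 2 { val = $2 }
        END { print val }
    ' "$@"
}

# Print one line per directive; return 0 only if both are at the safe value.
audit_banner() {
    rc=0
    # Defaults are what Apache uses when the directive is absent.
    tokens=$(effective_directive ServerTokens Full "$@")
    sig=$(effective_directive ServerSignature Off "$@")
    case $(printf %s "$tokens" | tr 'A-Z' 'a-z') in
        prod|productonly) echo "OK   ServerTokens $tokens" ;;
        *) echo "WEAK ServerTokens $tokens (want Prod)"; rc=1 ;;
    esac
    case $(printf %s "$sig" | tr 'A-Z' 'a-z') in
        off) echo "OK   ServerSignature $sig" ;;
        *) echo "WEAK ServerSignature $sig (want Off)"; rc=1 ;;
    esac
    return $rc
}

# When run as a script with file arguments, audit them,
# e.g. sh check.sh /etc/apache2/apache2.conf
if [ "$#" -gt 0 ]; then
    audit_banner "$@"
fi
```

A non-zero exit status means at least one directive still exposes more than the bare product name or the footer line.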
Tags: Apache2, footer, ServerSignature, ServerTokens, webserver
Posted Tuesday, February 26th, 2008 at 10:50 am; filed under Apache, Debian.








thnx,