If Not True Then False

Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By - Comment Page: 1

By default almost all Apache installation shows sensitive server information with Apache version number, server operating system details, installed Apache modules, PHP-version and so on. Attackers can use this information when performing attacks. Some examples howto check server information that Apache sends Error page Use lynx $ lynx -head -mime_header http://www.ubuntu.com HTTP/1.0 200...
Categories:

10 Comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Input your comment.
help

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Input your name.

kashif

Good Article.
Just one thing is missing. Sometimes you need to set ServerTokens directive in */apache2/conf.d/security file if the directive is not working. Anyways good job…

reply Reply
9jaBrozz

If you use XAMPP (v2.5.8) look for the file named httpd-default.conf under \etc\xampp\apache\conf\extra and then make the necessary changes (ServerSignature Off, ServerTokens Prod).

I was not able to find this info in the net. Hope it helps someone.

reply Reply
Mohammed

Hey. Thanks for the tip. Is there anyway I could hide the word “Apache”?!

reply Reply