Web servers frequently transmit server information by default. It’s include information such as the operating system and version, which web server you are running Apache, Nginx, IIS etc. and in some time web server modules installed.
This information is stored in http headers, and sent together with every web page request made by a web client. So this information is destructive for your server security.
Apache have few directives which are useful to hide apache header information.
You need to open apache configuration fine and append the followings line.
ServerSignature Off
ServerTokens ProductOnly
TraceEnable Off
ServerTokens ProductOnly
TraceEnable Off
Furthermore, we can use following directives in the httpd.conf as well.
<IfModule mod_headers.c>
Header unset Server
Header unset X-Powered-By
</IfModule>
Header unset Server
Header unset X-Powered-By
</IfModule>
Moreover use the following variable in modsecurity.conf file
SecServerSignature ” ” ## add this
Enjoy!
I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry since more than 14 years.
