|

Hiding and modifying Apache server information [extend]

Fortunately, such data can easily hide and modify by changing the ServerSignature and ServerTokens directives.

ServerSignature

ServerSignature configures the footer on server-generated documents. Just like example 404 error page. Normal use it’s better hide whole signature and add or modify httpd.conf file or apache.conf file following row:

ServerSignature Off

If you some reason want show ServerSignature then use:

ServerSignature On

Or if you want show mailto link (example admin mail) then use:

ServerSignature Email

ServerTokens

Configures the Server HTTP response header. Different ServerTokens directive options are following (add or modify httpd.conf file orapache.conf):

Prod or ProductOnly – Server sends (e.g.): Server: Apache

ServerTokens Prod

Major – Server sends (e.g.): Server: Apache/2

ServerTokens Major

Minor – Server sends (e.g.): Server: Apache/2.2

ServerTokens Minor

Min or Minimal – Server sends (e.g.): Server: Server: Apache/2.2.4

ServerTokens Min

OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)

ServerTokens OS

Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4

ServerTokens Full

ServerTokens setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

Hide PHP version (X-Powered-By)

Hiding PHP version (X-Powered-By) is easy. Add or modify following php.ini file row like following:

expose_php = Off

Summary

Safest basic setup is following:
httpd.conf or apache.conf rows:

ServerSignature Off
ServerTokens Prod

php.ini row:

expose_php = Off

After all changes remember reload server and check results. The results should look like this:

Before:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 12:20:30 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Connection: close
Content-Type: text/html; charset=UTF-8

After:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 13:06:21 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Kviečiu įvertinti įrašą!
[Viso: 0 Vidurkis: 0]

Similar Posts

Parašykite komentarą

El. pašto adresas nebus skelbiamas.

Sauga: + 53 = 57