Open Source Technical Information: How to disable server signature using .htaccess or by editing Apache?

Tuesday, 14 February 2012

How to disable server signature using .htaccess or by editing Apache?

,
Procedure for  disableing server signature using .htaccess or by editing Apache


Question : How to disable server signature using .htaccess or by editing apache config file?

Answer:
Attackers can use server signature to their advantage when performing an attack, this is the reason why  it is always advised to disable the server signature.
There are 2 methods to do it
.
I tried to make this quick tip more detailed for Linux newbies
1- Using .htaccess:
Open your public_html folder (Browse public_html using ftp to display all hiden files)
Now to disable the server’s signature used to identify the server, use the following code in your .htaccess file:

 # Disable server signature
 ServerSignature Off

This will hide the Apache version normally seen at the bottom of your 404 error pages, directory listing..etc.

2- Disable signature by editing httpd.conf
There are two directives that you need to add, or edit in your httpd.conf / apache2.conf file:

For Ubuntu and LinuxMint edit apache conf using the following command (for Centos/Fedora edit httpd.conf):
 
cd /etc/apache2/
vi apache2.conf
and add these 2 lines at the bottom of the file:
ServerSignature Off
ServerTokens Prod
The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.
The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache
When is done, restart apache:
/etc/init.d/httpd restart    CentOS/Fedora/RHEL sudo /etc/init.d/apache2 restart    Ubuntu/Debian/LinuxMint

Here are the results in my linuxmint:
Before:
 















After:




If you found any thing wrong then pleas Let me know ...Write Your tips and suggestion in comment ... Thank you...

1 comments:

  • 24 April 2012 at 23:47
    Natalia says:

    Nice post. You have explained this important concept in such an easy way. I just tried the same and it worked perfectly well for me. Thanks a lot for posting all the steps.
    digital signature PDF

Post a Comment

Write your tips here...

Deal of the Day

Advertisement here

Advertisement here