Hide Apache and PHP version

Sometimes the easiest way for a hacker to exploit your server is simply to know which version of the web server you are running on your machine.

The first thing to do when you set up a web server such as Apache is to hide this information. By default, Apache shows full details about the web server on error pages such as 500, 403 or 404.

It can also be useful to hide your PHP version in the HTTP response headers.

How do you do that? Edit the Apache configuration file (usually /etc/apache2/apache2.conf):

$ sudo vim /etc/apache2/apache2.conf

If you can't find it, you can run

$ locate apache2.conf

and simply add (or edit)

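# Hide the Apache signature footer on server-generated pages (error pages, directory listings)
ServerSignature Off
# Send only "Apache" in the Server header: no Apache version, OS or module (PHP) tokens
# (PHP's separate X-Powered-By header is controlled by expose_php in php.ini)
ServerTokens Prod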

and remember to restart your Apache server

$ sudo systemctl restart apache2
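
To confirm the change took effect after the restart, you can inspect a response for leftover version strings. The script below is an added example, not part of the original post; the function name `check_version_leak`, the two sample responses and their version numbers are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag version disclosure in an
# HTTP response. Reads raw headers plus optional body on stdin, prints one
# line per finding, returns 1 if anything leaks and 0 if the response is clean.
check_version_leak() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        !body && /^$/ { body = 1; next }        # blank line ends the headers
        !body {
            name = tolower($0); sub(/:.*/, "", name)
            # A "/<digit>" token means a product version, e.g. Apache/2.4.0
            if ((name == "server" || name == "x-powered-by") && $0 ~ /\/[0-9]/) {
                print "LEAK header: " $0; leaks++
            }
        }
        # Footer that ServerSignature On appends to generated error pages
        body && /<address>.* Server at .* Port [0-9]+<\/address>/ {
            print "LEAK footer: " $0; leaks++
        }
        END { exit (leaks > 0 ? 1 : 0) }
    '
}

# Constructed sample: a 404 from a default install (version values are made up).
sample_default() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' \
        'Server: Apache/2.4.0 (Ubuntu)' 'X-Powered-By: PHP/8.0.0' \
        'Content-Type: text/html' '' \
        '<address>Apache/2.4.0 (Ubuntu) Server at localhost Port 80</address>'
}

# Constructed sample: the same 404 after ServerSignature Off and ServerTokens
# Prod, assuming PHP is also configured not to send X-Powered-By.
sample_hardened() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: Apache' \
        'Content-Type: text/html' '' '<p>Not Found</p>'
}

# Live use (assumes curl is installed and Apache listens on localhost):
#   curl -sS -i http://localhost/no-such-page | check_version_leak
```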

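In recent versions of Apache you cannot completely remove the Server header, so if you would like to edit it definitively, the only way is to replace the previous two lines with the following line (SecServerSignature is a ModSecurity directive, so the mod_security2 module must be installed and enabled):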

SecServerSignature "MyPersonalWebServer"

If you would like to set up a new web service on your server, check out the following post!

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
