Introduction
As an attempt to increase security, some users may find it helpful to be able to hide the "Server" identification header. This article provides the steps to do so.
Please note that there are other ways to determine if a server is running Apache, and that the "Server" identification header does not leak your version information.
Procedure
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Open
/etc/apache2/conf.d/modsec/modsec2.user.confin your preferred text editor. - Locate the
SecServerSignatureline or add it if it doesn't exist. - Set
SecServerSignatureto the desired value.SecServerSignature ' '
Please note that the value cannot be empty. In the above example, the value is a single space. - Save the changes and exit the text editor.
- Log in to WHM as the ‘root’ user.
- Navigate to "Home / Service Configuration / Apache Configuration / Global Configuration."
- Set the "Server Signature" value to
On. - Set the "Server Tokens" value to
Minimal. - Scroll to the bottom of the page.
- Click the "Save" button.
- Verify that the settings are correct.
- Click the "Rebuild Configuration and Restart Apache" button.
Comments
0 comments
Article is closed for comments.