Having your server include a signature at the end of a web page can be a security risk. So turn off server signature before someone target your server. They will easily know what web server version and operating system you are using. And then use that information to search for exploits spesific to your version. So we better leave it out.
By typing in a page we know doesn’t exist, for provoking a 404 page to display, we will here see Apache version, and that we are using Debian.
On a Debian based Linux distro (Ubuntu, Linux Mint, Etc) we open this file: /etc/apache2/apache2.conf
On a Red Hat based distro (Centos, Fedora, Arch) open this file: /etc/httpd/con/httpd.conf
Add these two lines to the end of the config:
ServerSignature Off
ServerTokens Prod
ServerSignature turns the signature off, but you still need to include the ServerTokens. It will still display the server signature if you dont include it.
You will need to restart the server to make your changes take effect.
Debian based: service apache2 restart
Red Hat/Centos: service httpd restart
Your web server signature should now be hidden. And this was how to turn off server signature on a Apache webserver.
Happy safe serving!
About Author
