Many times when we get a 404 or any other error from the Apache web server, the error page states which web server is running, which version it is, and what OS the website is running on. This information invites a lot of attention from "some" people who look for open doors to attack websites or servers.
So we have to stop providing this information in error pages and the like. How can this be done? We can do it easily by tweaking two directives in the Apache web server configuration file:
ServerTokens and ServerSignature. From the Apache documentation:
ServerTokens: This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.
ServerSignature: The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents (error messages, mod_proxy ftp directory listings, mod_info output, ...)
This is the error we were getting before the changes:
Not Found
The requested URL /hh was not found on this server.
Apache/2.2.3 (CentOS) Server at www.example.com Port 80
Now we will change the following parameters and restart the Apache web server.
Code:
vim /etc/httpd/conf/httpd.conf

#ServerTokens OS
ServerTokens Prod
#ServerSignature On
ServerSignature Off

/etc/init.d/httpd restart
After the restart, the same request returns this:
Not Found
The requested URL /hh was not found on this server.
That's it. Now try it yourself. :)
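To confirm the change took effect, the check below (an added example, not part of the original post) flags active ServerTokens/ServerSignature lines that still disclose details and inspects a 404 response for a version banner in the Server header or the error-page footer. The function names and the sample responses are constructed for illustration, modelled on the error page shown above.

```python
import re

# Values that keep the banner minimal, matching the settings used on this page.
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}

def weak_directives(conf_text):
    """Return (line_no, directive, value) for active lines that still disclose details."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):   # skip blanks and commented-out lines
            continue
        name = parts[0].lower()                     # directive names are case-insensitive
        if len(parts) >= 2 and name in SAFE and parts[1].lower() not in SAFE[name]:
            findings.append((no, parts[0], parts[1]))
    return findings

def disclosures(raw_response):
    """Return what an HTTP response (headers + body as text) reveals about the server."""
    head, _, body = raw_response.partition("\r\n\r\n")
    found = []
    for header in head.split("\r\n")[1:]:
        name, _, value = header.partition(":")
        # Anything beyond a bare product token (a version or an OS comment) is a leak.
        if name.strip().lower() == "server" and re.search(r"[/(]", value):
            found.append(("header", value.strip()))
    footer = re.search(r"<address>(.*?Server at .*?Port \d+)</address>", body, re.I | re.S)
    if footer:
        found.append(("footer", footer.group(1)))
    return found

# Constructed samples: a 404 before and after the change, and the edited config lines.
BEFORE = ("HTTP/1.1 404 Not Found\r\nServer: Apache/2.2.3 (CentOS)\r\n"
          "Content-Type: text/html\r\n\r\n<h1>Not Found</h1>\n"
          "<p>The requested URL /hh was not found on this server.</p>\n<hr>\n"
          "<address>Apache/2.2.3 (CentOS) Server at www.example.com Port 80</address>")
AFTER = ("HTTP/1.1 404 Not Found\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
         "<h1>Not Found</h1>\n<p>The requested URL /hh was not found on this server.</p>")
CONF = "#ServerTokens OS\nServerTokens Prod\n#ServerSignature On\nServerSignature Off\n"

if __name__ == "__main__":
    print(weak_directives("ServerTokens OS\nServerSignature On\n"))
    print(weak_directives(CONF))
    print(disclosures(BEFORE))
    print(disclosures(AFTER))
```

With ServerTokens Prod the Server header still reads "Apache", so the product name remains visible; only the version, OS and module details are removed.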