Techie Weblog

Web Hosting & Network Security Guide

HostGator Web Hosting

How to Turn Off Server Signature

If you like the post, Please Share


How to Turn Off Server Signature

How to Turn Off Server Signature

What is Server Signature.

How to Turn Off Server Signature

How to Turn Off Server Signature

When  a web server generates ( for example, Apache Web Server) any web pages or error pages, it injects some important information about the version and other details implemented on the system which are displayed in the web site server header. For example, the information text may be like this:

Server: Apache/2.4.0 (Linux) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/ mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b

Server: Apache/2.4.0 (Red Hat) PHP/5.0.10-10redhat6 Server at xx.xx.xx.xx Port 80

In the above example, the server header exposes some valuable information about version and variant about the Linux operating system and Apache software used on the Server machine. It indirectly exposes the possible security holes that are existed to the hackers, or at least make malicious attackers easier to identify your system for available attack points. The above information says that the server is running on Red Hat Linux Version 6 and it’s running Apache Web Server version 2.4. Those information is called Server Signature.

How to Turn Off Server Signature.

By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
First login as root user. Then open Apache’s configuration file (httpd.conf or apache.conf) and search for ServerSignature. If you find it, edit it to:

ServerSignature Off
ServerTokens Prod

If you don’t find it, just add these two lines at the end of the file. The first line “ServerSignature Off” instructs Apache not to display a trailing footer line under server-generated documents (error messages, mod_proxy ftp directory listings, mod_info output, and etc) which displays server version number, Server name of the host, email setting. The second line “ServerTokens Prod” instructs Apache to return only Apache as product in the server response header on very page request, suppressing OS, major and minor version info. Note that, after you modify the configuration file, you must restart the Apache server.

***How to Turn Off Server Signature***

The Author

Sukanta Dutta

The author is writing technical blog for last few years. He shares his knowledge on Computer Networks, Database Technologies, Security Aspects of Network and Database etc. He also likes to hear from the reader of this blog to learn more, so he welcomes guest writing for this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Techie Weblog © 2015-2018