When you configure your production and development infrastructure. The primary concern should be security. You may face serious consequences in the future. You must apply to security in many directions. In that, If you are running your application with Apache server, you should apply this security tip on your server.
Check Unsecure HTTP Header
Check the HTTP header of your server, You will see the version of Apache2 server running. Hackers can use this information for hacking.
$ curl -I http://example.com
You can see that your server is running with Apache 2.4.18 server.
HTTP/1.1 200 OK Date: Wed, 25 Oct 2016 11:36:14 GMTServer: Apache/2.4.18 (Ubuntu) Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT ETag: "2c39-544c560e55e60" Accept-Ranges: bytes Content-Length: 11321 Vary: Accept-Encoding Content-Type: text/html
Hide Apache Version
Edit your Apache configuration file and Add/Edit following variables. After making changes restart your Apache service.
ServerTokens Prod ServerSignature Off
Check HTTP Header
After making above changes, re-check the HTTP header values using the following command.
$ curl -I http://example.com
Now you can see that header is only showing that Apache is running, but no version or OS details available there.
HTTP/1.1 200 OK Date: Wed, 25 Oct 2016 11:36:14 GMTServer: Apache Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT ETag: "2c39-544c560e55e60" Accept-Ranges: bytes Content-Length: 11321 Vary: Accept-Encoding Content-Type: text/html
Leave a Reply