Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Security»Hiding the Apache Version from HTTP Header

    Hiding the Apache Version from HTTP Header

    By RahulFebruary 9, 20233 Mins Read

    Apache is a widely used open-source web server software that is capable of serving web content and managing incoming HTTP traffic. One of the features of Apache is its ability to include information about the server software in the HTTP headers of its responses. By default, Apache includes the version number of the server software in the “Server” header field of HTTP responses. However, this information can be used by attackers to identify the web server software and to search for vulnerabilities that are specific to that software version. As a result, it is important to hide the Apache version number from HTTP headers to prevent potential attacks.

    Advertisement

    There are several methods that can be used to hide the Apache version number from HTTP headers:

    Step 1: Check Current Apache (HTTPD) Headers

    You can use the curl command line utility to check HTTP header values on your Apache web servers. Run the command as below:

    curl -I http://172.24.248.89 
    

    Replace 172.24.248.89 with your web server IP address.

    Hiding the Apache Version from HTTP Header
    Showing Apache version in HTTP headers

    Step 2: Hiding the Apache Version

    The simplest way to hide the Apache version number is to use the “ServerTokens” directive in the Apache configuration file. This directive controls the information that is included in the “Server” header field. By setting the “ServerTokens” directive to “Prod”, Apache will only include the name of the server software in the “Server” header field and will not include the version number.

    Edit Apache confgiuration file “/etc/httpd/conf/httpd.conf” (for RHEL-based systems) or “/etc/apache2/conf-enabled/security.conf” (for Debian-based systems) and update/append following values:

    1
    2
    ServerSignature Off
    ServerTokens Prod

    Regardless of the method used, hiding the Apache version number from HTTP headers is an important step in enhancing the security of your web server. By hiding the Apache version number, you can prevent attackers from using it to identify vulnerabilities in your web server software.

    Step 3: Verify Apache (HTTPD) Headers

    After making necessary changes, restart Apache service and again check for HTTP headers.

    curl -I http://172.24.248.89 
    

    You will see that Apache version is hidden now.

    Hiding the Apache Version from HTTP Header
    Apache version not showing in HTTP headers

    Conclusion

    In conclusion, hiding the Apache version number from HTTP headers is a simple but effective way to improve the security of your web server. There are several methods that can be used to hide the version number, including using the “ServerTokens” directive, using a custom module, or modifying the Apache source code. Regardless of the method used, it is important to take the necessary steps to hide the Apache version number to prevent potential attacks against your web server.

    Apache http header security
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How to block bad bots using .htaccess

    Comparing Apache MPM Worker and Prefork: Which is Right for Your Application

    How to Install Apache (httpd) on RHEL & CentOS Stream 9

    View 5 Comments

    5 Comments

    1. Hitesh Prajapati on August 19, 2020 2:30 pm

      Thanks helpful for me.

      Reply
    2. Amit Handa on May 12, 2020 8:07 am

      How to hide server Name?

      Reply
    3. Amit Handa on May 12, 2020 8:06 am

      Thanks!

      Reply
    4. Nm on April 27, 2020 1:06 pm

      Thanks! Quick solution

      Reply
    5. sandy on May 31, 2019 9:17 am

      GREAT bro. many thanx

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Configure Postfix to Use Gmail SMTP on Ubuntu & Debian
    • PHP Arrays: A Beginner’s Guide
    • Deploying Flask Application on Ubuntu (Apache+WSGI)
    • OpenSSL: Working with SSL Certificates, Private Keys and CSRs
    • How to Create and Read List in Python
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.