Hiding Apache version

I’ve been researching and I found this article about hiding the Apache version: "How to Hide Apache Version Number and Other Sensitive Info". I have followed the process and what I have done basically is:

  • In /etc/httpd/conf.d/virtualhosts.conf I have added these lines to the end of the file and I have saved it.

ServerTokens Prod
ServerSignature Off

  • I have restarted the service: service httpd restart

My question is: is it necessary to show the full version of Apache? Or can I leave the file with the two lines added? Thanks in advance!

As the file is templated, the changes will be lost after a signal event is triggered for the web-server.

You could use a custom template:

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf.d/nethserver.conf/
vi /etc/e-smith/templates-custom/etc/httpd/conf.d/nethserver.conf/20hardening

Content of 20hardening:

#
# 20hardening
#
ServerSignature Off
ServerTokens Prod

Apply the changes:

signal-event nethserver-httpd-update

I believe adding the settings in /etc/httpd/conf/httpd.conf or dropping a .conf file under /etc/httpd/conf.d/ (order minds the naming) should work the same.

Not necessary AFAIK. With your proposed changes the server information will be shown as Apache, without the version and the OS details.

6 Likes
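
One way to confirm that the two directives took effect once the template has been expanded, as an added example that is not part of the original posts: the script classifies the Server response header (ServerTokens) and the error-page footer (ServerSignature). The function names, sample responses and URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether ServerTokens Prod / ServerSignature Off took effect.

# Print the value of the Server response header read from stdin (CRs stripped).
server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Headers on stdin -> "ok" if Server is exactly "Apache" (or absent),
# "leak" if it still carries version, OS or module tokens.
check_tokens() {
    value=$(server_header)
    case "$value" in
        ""|Apache) echo ok ;;
        *)         echo leak ;;
    esac
}

# Error-page body on stdin -> "leak" if the footer that ServerSignature On
# appends (<address>Apache... Server at HOST Port N</address>) is present.
check_signature() {
    if grep -qi '<address>Apache.* Server at .* Port [0-9]*</address>'; then
        echo leak
    else
        echo ok
    fi
}

# Constructed sample responses (not captured from a real host).
HEADERS_DEFAULT='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Content-Type: text/html'
HEADERS_PROD='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'
BODY_SIG_ON='<h1>Not Found</h1><hr>
<address>Apache/2.4.6 (CentOS) Server at www.example.com Port 80</address>'
BODY_SIG_OFF='<h1>Not Found</h1>'

echo "default headers:  $(printf '%s\n' "$HEADERS_DEFAULT" | check_tokens)"
echo "Prod headers:     $(printf '%s\n' "$HEADERS_PROD" | check_tokens)"
echo "signature on:     $(printf '%s\n' "$BODY_SIG_ON" | check_signature)"
echo "signature off:    $(printf '%s\n' "$BODY_SIG_OFF" | check_signature)"

# Against your own server after signal-event (hypothetical URLs):
#   curl -sI http://localhost/ | check_tokens
#   curl -s  http://localhost/no-such-page | check_signature
```
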

@PCXLan.es
Here you can find more information about templates:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/templates.html

1 Like