Tag Archives: ServerSignature

How to hide apache information with ServerTokens and ServerSignature directives

In default Apache configuration, the server sends HTTP Header with the information of Apache version, modules, Operating System, etc of the Server. The HTTP response header “Server” displays all these details of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Apache, OS or other modules you are running, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Date: Sun, 10 Feb 2012 07:24:47 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.17
Vary: Accept-Encoding,Cookie

Read more »