Overview
Don’t display or send Apache version (Set ServerTokens)
By default, the server's HTTP response header contains the Apache and PHP versions, something similar to the following. This is harmful, as we don’t want an attacker to know the specific version numbers.
In its default configuration Apache reveals this information unless it is configured securely. The ServerSignature directive controls the Apache version information, and the ServerTokens directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.
To avoid this, set the ServerTokens and ServerSignature directives in httpd.conf. This will display “Server: Apache” without any version information.
Solution
In httpd.conf:
# vi httpd.conf
Search for ServerTokens.
Default:
ServerTokens Full
ServerSignature On
Change it to:
ServerTokens Prod
ServerSignature Off
Restart the web server for the configuration changes to take effect. The web server will then no longer disclose this version information.
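A way to check the change, as an added example that is not part of the original post: the script below audits the text of one httpd.conf for the two directives and lists any versioned product tokens left in a Server header value. The function names audit_conf and leaked_versions are hypothetical, the sample config and header are constructed, and Include files are not followed.

```python
import re

# Values that keep version details out of responses, per the fix above.
# "ProductOnly" is the long spelling of "Prod" that Apache also accepts.
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.I)
# A product token followed by "/<digit>", e.g. "Apache/2.4.6" or "PHP/5.4.16".
VERSIONED = re.compile(r"\b([A-Za-z][\w.-]*)/(\d[\w.]*)")

# Constructed sample inputs, not taken from a real server.
SAMPLE_CONF = "# ServerTokens Prod\nServerTokens Full\nServerSignature On\n"
SAMPLE_HEADER = "Apache/2.4.6 (CentOS) PHP/5.4.16"

def audit_conf(text):
    """Return findings for one httpd.conf text (Include files are not followed)."""
    seen, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out lines never match
        if m:
            seen.setdefault(m.group(1).lower(), []).append((lineno, m.group(2)))
    for name, safe in SAFE.items():
        hits = seen.get(name, [])
        if not hits:
            findings.append(f"{name}: not set explicitly")
        # Assumption: ServerTokens is server-wide, so only its last value counts;
        # ServerSignature may also be set per virtual host, so check every one.
        for lineno, value in (hits[-1:] if name == "servertokens" else hits):
            if value.lower() not in safe:
                findings.append(f"{name}: '{value}' on line {lineno}")
    return findings

def leaked_versions(server_header):
    """Return (product, version) pairs exposed in a Server header value."""
    return VERSIONED.findall(server_header)

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
    print(leaked_versions(SAMPLE_HEADER))
```

After the restart, pass the Server header value from a real response to leaked_versions; an empty list means no versioned product token is left in it.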