How to Hide Apache Information on Ubuntu VPS/Dedicated Web server

Share this Article :

By default the sensitive server information such as of Apache version, modules, operating System was not hide from the HTTP Header. This information will be display when there is a request to it. Attackers can use those information when they performing attacks to your VPS webserver. This post will show you how to hide apache details on Ubuntu 14.04 VPS or dedicated server.

1. Modify security.conf :

[email protected]:~$ sudo vi /etc/apache2/conf-enabled/security.conf

Change “ServerTokens OS” to “ServerTokens Prod” then
Change “ServerSignature On” to “ServerSignature Off”

..
..
ServerTokens Prod
..
..

..
ServerSignature Off
..
..

2. After done the changes, restart the apache2 :

[email protected]:~$ sudo service apache2 restart
 * Restarting web server apache2                                                             [ OK ]

3. Perform the following command before change and after change the configuration :

[email protected]:~$ sudo curl -I http://192.168.0.114

The result should be as below :

Before :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

After hide should be like this :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

Done!!

Leave a Reply