问题
I have added these 2 lines in my etc/apache2.conf file, and it hid the OS and apache version.
ServerSignature Off
ServerTokens Prod
But after all I can see the header with server name
Server Apache
How to hide this information as well ? I am using Debian 7, apache v 2.2
Thanks
回答1:
Apache on its own cannot completely unset the Server header (not even with mod_headers).
This appears to be by design, as discussed by the Apache devs.
There is a way to do this using ModSecurity, but I know little about that. Instead, these people have it all figured out already:
https://unix.stackexchange.com/questions/124137/change-apache-httpd-server-http-header
I can verify that this works, just tried on Debian 7.6.
edit:
install mod security for apache and then add this in your apache2.conf.
<IfModule security2_module>
SecRuleEngine on
ServerTokens Full
SecServerSignature " "
</IfModule>
After this restarting the apache, Server header will disappear
回答2:
It's equivalent of adding:
SecServerSignature " "
To the file: /etc/apache2/mods-available/security2.conf
来源:https://stackoverflow.com/questions/26296886/completely-hide-server-name-apache