问题
I've read on one site that I need to add two lines to httpd.conf file:
ServerSignature Off
ServerTokens Prod
But when I've added them nothing changed. As previously I can see in my browser
Apache/2.2.16 (Debian)
Maybe that's important: When I opened file (I mean before adding above lines) httpd.conf I saw it's empty. I use VPS.
Thanks!
回答1:
you didnt give enough information about os/distribution etc
but in ubuntu's apache installation apache2.conf looks like this:
<cut>
Include httpd.conf
Include ports.conf
Include conf.d/
Include sites-enabled/
and in conf.d/security you can see
ServerTokens OS
just check your configs, somewhere it gets overwritten after you set it in your httpd.conf
回答2:
Simple:
sudo nano /etc/apache2/conf-enabled/security.conf
Then:
- change
ServerTokens OStoServerTokens Prod - change
ServerSignature OntoServerSignature Off
Restart Apache :
sudo service apache2 restart
This article may also help you: Hide Apache Information
回答3:
To also hide the name "Apache":
sudo apt-get install libapache2-mod-security2
Then add this to /etc/apache2/apache.conf (you can use any name, here I've used space):
<IfModule security2_module>
SecRuleEngine on
ServerTokens Min
SecServerSignature " "
</IfModule>
and restart Apache:
sudo service apache2 restart
For a full write up incorporating the answer by @ShanuTThankachan see here.
来源:https://stackoverflow.com/questions/9000853/apache-how-to-hide-server-version-and-operation-system-from-users