Hide the Apache Web Server Version number with ServerSignature and ServerTokens directives

by on September 15, 2007 · 3 comments· LAST UPDATED September 15, 2007

in , ,

Q. How do I hide the Apache version number under CentOS Linux 5 server?

A. You can easily hide Apche (httpd) version number and other information. There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules. By setting this to Prod you only displays back Apache as server name and no version number displayed back.

Open your httpd.conf file using text editor such as vi:
vi httpd.conf

Append/modify config directive as follows:
ServerSignature Off
ServerTokens Prod

Save and close the file. Restart Apache web server:
# /etc/init.d/httpd restart

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 3 comments… read them below or add one }

1 abu hassan alshamry October 20, 2011 at 8:41 pm

thanks so much

best

Reply

2 verma December 7, 2012 at 10:37 am

Hi,
Good article thanks for that . but when I tried some like this
ServerSignature Off
ServerTokens Prod

# /etc/init.d/httpd restart

It is still showing as
server:Apache
before following the above procedure it used to show server version and some other details . I am able to hide , but I want to hide server:Apache also , any help will be great appreciation

regards
Verma

Reply

3 roberto May 20, 2013 at 9:21 am

@ Verma, this will only remove apache version name

Reply

Leave a Comment

Tagged as: , , , , , , ,

Previous Faq:

Next Faq: