Hide the Apache Web Server Version number with ServerSignature and ServerTokens directives

last updated September 15, 2007 in Apache, CentOS, Debian / Ubuntu, FreeBSD, Linux, OpenBSD, RedHat and Friends, Solaris-Unix, Suse, Ubuntu Linux, UNIX

Q. How do I hide the Apache version number under CentOS Linux 5 server?

A. You can easily hide Apche (httpd) version number and other information. There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules. By setting this to Prod you only displays back Apache as server name and no version number displayed back.

Open your httpd.conf file using text editor such as vi:
vi httpd.conf

Append/modify config directive as follows:
ServerSignature Off ServerTokens Prod

Save and close the file. Restart Apache web server:
# /etc/init.d/httpd restart

Official Linux Foundation Certifications and Training - 15% Off

Get 15% off on Linux Foundation certified SysAdmin, Progamming, Kubernetes/Containers and Open Stack certification & course. Use "SPLASH15" coupon code. Offer expires on August 27, 2018
training.linuxfoundation.org

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

Become a Supporter Make a contribution via Paypal/Bitcoin

4 comment

abu hassan alshamry says:
October 20, 2011 at 8:41 pm
thanks so much
best
verma says:
December 7, 2012 at 10:37 am
Hi,
Good article thanks for that . but when I tried some like this
ServerSignature Off
ServerTokens Prod
# /etc/init.d/httpd restart
It is still showing as
server:Apache
before following the above procedure it used to show server version and some other details . I am able to hide , but I want to hide server:Apache also , any help will be great appreciation
regards
Verma
1. shivakumar k says:
  February 9, 2016 at 7:13 am
  Hi Verma,
  Did you got solution for that ? kindly share it to me, am also facing this same issue
roberto says:
May 20, 2013 at 9:21 am
@ Verma, this will only remove apache version name

Have a question? Post it on our forum!

Tagged as: apache http server, apache serversignature directive, apache servertokens directive, apache version, apache web server, centos linux, httpd, response header field