Removing apache information from http request

apache-2.2

I want to remove Apache web server information from http requests. I have already implemented ServerTokens Prod and that has reduced the information to just :

Server: Apache

now, I want to remove this information from requests as well. How can I do this?


Solution 1:

Server cannot be unset, sorry. See here.

If you're content with just changing the string, mod_security can do it (SecServerSignature), as could a proxy of some kind (perversely, even an Apache proxy) in front of your server.

Removing it completely can certainly be done.. but I'm not aware of out-of-the-box software off the top of my head.

Solution 2:

yum install mod_security

edit file /etc/httpd/conf.d/mod_security.conf

<IfModule mod_security2.c>
    # This is the ModSecurity Core Rules Set.
    SecServerSignature " " ## add this
    # Basic configuration goes in here
    Include modsecurity.d/*.conf
    Include modsecurity.d/base_rules/*.conf

SecServerSignature " " will hide Server: apache into Server :

ref: http://forums.cpanel.net/f5/disable-serversignature-off-not-working-78468.html

Related

Completely disjoint iSCSI networks vs dedicated switches and VLANs
How to download private ubuntu AWS EC2 AMI for local use
How to reset/flush a MediaWiki? [closed]
How to grant su access to wheel without asking for password on FreeBSD?
Which EC2 instance best for Chef server?
Seeking distributed, fault-tolerant, networked block storage [closed]
SSH - How to turn on X forwarding on normal connection
Squid Proxy - Hiding the proxy
Removing perl module installed with cpanm
Nginx custom log, $bytes_sent exist something like $bytes_received?
Network design help needed (main office + branch offices + central server)
What's the best way to accomodate multiple devices that all want to use the same fixed IP address into the same LAN?