Please wait while we load your page...

PasswordSentry

Latest Version [8.00202307241] Last Updated [Jul-24-2023]

PasswordSentry Highly Recommends NETbilling
Home




Disable Apache Web Server Signature



Whenever Apache web server returns a page, it outputs the web server signature (e.g., Apache version number and operating system info): in the HTTP Response Header, and at the bottom of the default server error pages.

Revealing web server signature can be a security risk as you are essentially telling hackers known vulnerabilities of your system. Thus it is recommended you disable or turn off all web server signatures as part of server hardening process. To disable, you can try adding the following to your top .htaccess file:

ServerSignature Off

Note that on some servers to make it work, you may need to add to the server config file (apache2.conf or httpd.conf, depending on web server type), and then restart the web server. You will require root SSH access, and *nix expertise to do this. Otherwise, ask your web host to do it.

You can use our HTTP Response Sniffer to check your web server signature.
Blog Posts

Random Security Blog Articles



See All Blog Posts


PasswordSentry :: Security Blog Articleby Renee Dudley and Daniel Golden ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox. Series: The Extortion Economy U.S. Companies and Ransomware On Jan. … Read More
PasswordSentry :: Security Blog ArticleBeeBright/Shutterstock David S. Wall, University of Leeds In their Carbis Bay communique, the G7 announced their intention to work together to tackle ransomware groups. Days later, US president Joe Biden met with Russian president Vladimir Putin, where an … Read More


Live Chat Offline