Apache: Rename apache signature name
Hi folks! There is a small tip for a security paranoid people who want to hide or sabotage version information about their running services. On this post i will teach you how to make Apache httpd web server look like Microsoft ISS or other HTTPD Daemon. All you need is to enable mod_security on your apache.
# a2enmod mod-security
Then on the main Apache configuration or security file you need to add these lines:
Also if you are using PHP with the Apache httpd web server you can hide the php information by adding this line to php.ini:
# a2enmod mod-security
Then on the main Apache configuration or security file you need to add these lines:
ServerTokens OSThis will change Apache httpd server "http get" header to "Server: Microsoft-IIS/8.5", and it will be reported as Microsoft ISS web server look at this page for confirmation. Of course you need to restart it to make changes.
SecServerSignature Microsoft-IIS/8.5
Also if you are using PHP with the Apache httpd web server you can hide the php information by adding this line to php.ini:
expose_php = OffThis will enhance security of your web server by sabotaging information. For attacker it will be harder to find what httpd daemon you are using.
No comments: