How to hide X-Powered-By and Server headers

Apache posted 11 months ago by christian

First enable the mod_headers module:

    sudo a2enmod headers

Then add this to your apache2.conf:

    # Hide X-Powered-By and Server headers
    Header always unset "X-Powered-By"
    ServerTokens Prod
    ServerSignature Off

Now restart Apache:

    sudo /etc/init.d/apache2 force-reload

This is security through obscurity at its finest…
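To confirm the change took effect, the check below reads raw response headers and flags any that still disclose software details. It is an added example, not part of the original post; the function names and both sample responses (including their version strings) are constructed for illustration.

```shell
#!/bin/sh
# Read raw HTTP response headers on stdin; print each header that still
# discloses software details. Exit status: 0 = clean, 1 = something leaks.
# Against a live server: curl -sI http://localhost/ | check_header_leaks
check_header_leaks() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        # Header always unset "X-Powered-By" should remove this header entirely
        name == "x-powered-by" {
            print "LEAK: X-Powered-By still sent: " value; leaks++
        }
        # ServerTokens Prod leaves a bare product name; a slash, a parenthesis
        # or a digit means version, OS or module details are still present
        name == "server" && value ~ "[/(0-9]" {
            print "LEAK: Server header has version/OS detail: " value; leaks++
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample: response before the configuration change
sample_before() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Server: Apache/2.2.3 (Debian) Phusion_Passenger/2.0.3\r\n'
    printf 'X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
}

# Constructed sample: response after the configuration change
sample_after() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Server: Apache\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
}

# Demo on the constructed samples
sample_before | check_header_leaks || echo "-> headers still leak details"
sample_after  | check_header_leaks && echo "-> no software details disclosed"
```

Also run it against an error page (for example a 404 URL), since headers set without `always` are not applied to error responses.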

Tagged servertokens, server, x-powered-by, mod_rails, passenger, apache, apache2, headers

How to change the Apache 2 server signature on Debian Etch

Apache posted about 1 year ago by christian

Install mod_security. For some stupid reason it’s not included in Debian Etch, and for some even more stupid reason you’re not allowed to change the value of the Server header without it.

Anyway, to change the server signature, and enable voodoo magic:

    <IfModule mod_security2.c>
        # Basic configuration options
        SecRuleEngine On
        SecRequestBodyAccess On
        SecResponseBodyAccess Off

        # Handling of file uploads
        # TODO Choose a folder private to Apache.
        # SecUploadDir /opt/apache-frontend/tmp/
        SecUploadKeepFiles Off

        # Debug log
        SecDebugLog /var/log/apache2/modsec_debug.log
        SecDebugLogLevel 0

        # Serial audit log
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus ^5
        SecAuditLogParts ABIFHZ
        SecAuditLogType Serial
        SecAuditLog /var/log/apache2/modsec_audit.log

        # Maximum request body size we will
        # accept for buffering
        SecRequestBodyLimit 131072

        # Store up to 128 KB in memory
        SecRequestBodyInMemoryLimit 131072

        # Buffer response bodies of up to
        # 512 KB in length
        SecResponseBodyLimit 524288

        # Replacement value for the Server response header.
        # Only takes effect when Apache's ServerTokens is set to Full.
        SecServerSignature "Dummy value"
    </IfModule>

Tagged apache2, signature, server, header, disable