How to hide X-Powered-By and Server headers
Apache posted 11 months ago by christian
First enable the mod_headers module:
    sudo a2enmod headers
Then add this to your apache2.conf:
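    # Hide X-Powered-By and Server headers
    # Remove the X-Powered-By header (requires mod_headers)
    Header always unset "X-Powered-By"
    # Reduce the Server header to just "Apache" (no version, OS or module list)
    ServerTokens Prod
    # No server version footer on server-generated pages (error pages, listings)
    ServerSignature Off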
Now restart Apache:
    /etc/init.d/apache2 force-reload
This is security through obscurity at its finest…
How to change the Apache 2 server signature on Debian Etch
Apache posted about 1 year ago by christian
Install mod_security. For some stupid reason it’s not included in Debian Etch, and for some even more stupid reason you’re not allowed to change the value of the Server header.
Anyway, to change the server signature, and enable voodoo magic:
    <IfModule mod_security2.c>
        # Basic configuration options
        SecRuleEngine On
        SecRequestBodyAccess On
        SecResponseBodyAccess Off

        # Handling of file uploads
        # TODO Choose a folder private to Apache.
        # SecUploadDir /opt/apache-frontend/tmp/
        SecUploadKeepFiles Off

        # Debug log
        SecDebugLog /var/log/apache2/modsec_debug.log
        SecDebugLogLevel 0

        # Serial audit log
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus ^5
        SecAuditLogParts ABIFHZ
        SecAuditLogType Serial
        SecAuditLog /var/log/apache2/modsec_audit.log

        # Maximum request body size we will
        # accept for buffering
        SecRequestBodyLimit 131072

        # Store up to 128 KB in memory
        SecRequestBodyInMemoryLimit 131072

        # Buffer response bodies of up to
        # 512 KB in length
        SecResponseBodyLimit 524288

        # Replacement value for the Server header.
        # ModSecurity needs "ServerTokens Full" for this to take effect.
        SecServerSignature "Dummy value"
    </IfModule>
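To confirm that either change above took effect, this added example (not part of the original posts) audits a block of response headers for the disclosure these settings are meant to remove. The function name `audit_headers` and the sample responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original posts): check response headers for
# the disclosure the configurations above are meant to remove.
# Live use: curl -sI http://localhost/ | audit_headers

# Reads one raw HTTP header block on stdin. Prints a line per finding and
# returns 1 if X-Powered-By is present or Server carries version/OS detail.
audit_headers() {
    awk '
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*$/ { exit }             # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next            # status line, not a header
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "x-powered-by") {
                print "LEAK x-powered-by: " value; bad = 1
            } else if (name == "server") {
                # "Apache" (ServerTokens Prod) or a custom string passes;
                # a slash, parenthesis or digit suggests product/version/OS.
                if (value ~ "[/(0-9]") { print "LEAK server: " value; bad = 1 }
                else                   { print "OK server: " value }
            }
        }
        END { exit bad }
    '
}

# Constructed sample responses (hypothetical values), before and after.
BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (Debian) PHP/5.2.0\r\nX-Powered-By: PHP/5.2.0\r\nContent-Type: text/html\r\n\r\n')
AFTER=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n')

printf '%s\n' "$BEFORE" | audit_headers || true
printf '%s\n' "$AFTER"  | audit_headers
```

The non-zero exit status on a leak makes the function usable as a deployment check after each Apache reload.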