Saturday, April 17, 2021

Hiding Apache2 (httpd) Version in HTTP Header

One of the basic concepts of cybersecurity is to hide as much information about your system as possible from public view. For apache2 (httpd), this is pretty easy to do.

1. First, open /etc/httpd/conf/httpd.conf

$ sudo vi /etc/httpd/conf/httpd.conf

2. Then, append the lines below to the file

...

ServerTokens Prod

ServerSignature Off

3. Save the file

4. Test the configuration to make sure there is no typo that could cause httpd to fail to start

$ sudo httpd -t

5. Restart httpd to activate the settings

$ sudo systemctl restart httpd

6. Finally, you can verify whether the web server's version number is still visible using curl or wget

$ curl --head http://www.mydomainname.com

...

Server: Apache

... 
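To make the check in step 6 repeatable, the script below classifies the Server header of a response. It is an added example, not part of the original post; the function names and the two sample responses are made up for illustration, and the samples are constructed rather than captured from a real server.

```shell
#!/bin/sh
# Added example: classify the Server header in HTTP response headers on stdin.
# Prints one of: absent | product-only | discloses-version

classify_server_header() {
    # First Server header, matched case-insensitively; CR of CRLF endings removed.
    value=$(tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    if [ -z "$value" ]; then
        echo absent
        return 0
    fi
    case $value in
        # Digits, a slash or "(" mean a version, OS or module token is exposed.
        *[0-9]*|*/*|*"("*) echo discloses-version ;;
        *) echo product-only ;;
    esac
}

# Hypothetical helper for a live check: fetch only the headers with curl.
check_url() {
    curl --silent --head "$1" | classify_server_header
}

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Content-Type: text/html'

SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | classify_server_header)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | classify_server_header)"
```

With ServerTokens Prod the header is still sent, reduced to the product name, so product-only is the expected result after the restart.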

 
