How to Change Apache Server Name to Anything in Server Headers

Channel: Apache Linux
Abstract: we will show you yet another useful Apache security tip – changing HTTP web server name to anything else in server header. What do we actually mean he
MiniHowTo . How-to-Update-Ubuntu-1304-to-Ubuntu-1404
Apache Linux . How-to-Change-Apache-Server-Name-to-Anything-in-Server-Headers
Linux . How-to-Change-Document-Root-of-Primary-Domain-in-WHM-cPanel

In one of our several articles relating to Apache server security and hardening tips, we explained how to hide Apache version number and other sensitive information.

We discussed how to keep away valuable information such as the web server version number, server operating system details, installed Apache modules and so much more, from being sent along in server-generated documents back to the client (possibly attackers).

In this article, we will show you yet another useful Apache security tip – changing HTTP web server name to anything else in server header.

What do we actually mean here? Take a look at the screen shot below, it shows a listing of directories in our web server document root, beneath that, you can see the server signature (web server name, version, operating system, ip address and port).

Apache Directory Listing

Most times, hackers use known vulnerabilities in web server software to attack your websites or web apps, therefore changing the name of your web server makes it difficult for them to know the type of server running on your system. The point is to change the name 「Apache」 to something else.

This can be achieved by installing Apache mod_security module.

-------- On Debian/Ubuntu -------- 
$ sudo apt install libapache2-mod-security2
$ sudo a2enmod security2

-------- On CentOS/RHEL and Fedora --------
# yum install mod_security
# dnf install mod_security

Then open the Apache configuration file.

$ sudo vi /etc/apache2/apache2.conf	#Debian/Ubuntu 
# vi /etc/httpd/conf/httpd.conf	        #RHEL/CentOS/Fedora

Now change or add these lines below (make sure to change TecMint_Web to any other thing you want to appear to clients).

ServerTokens Full
SecServerSignature 「Tecmint_Web」

Finally restart the web server.

$ sudo systemctl restart apache2   #Debian/Ubuntu 
# systemctl restart httpd          #RHEL/CentOS/Fedora

Now verify the page again using curl command or accessing from the browser to see the web server name has changed from Apache to Tecmint_Web.

$ curl -I -L http://domain-or-ipaddress
Apache Listing of Directory

Thats It! Do check out following articles related to Apache web server.

  1. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security
  2. How to Find MySQL, PHP and Apache Configuration Files
  3. How to Change Default Apache ‘DocumentRoot’ Directory in Linux
  4. How to Check Which Apache Modules are Enabled/Loaded in Linux
  5. 13 Apache Web Server Security and Hardening Tips

In this article, we showed how to change HTTP web server name to anything else in server header in Linux. Use the feedback form below to add you thoughts about this topic.

Ref From: tecmint
Channels: mod_securityApache Tips

Related articles

How-to-Change-Apache-HTTP-Port-in-Linux
How-to-Install-Apache-CouchDB-230-in-Linux
Setup-Apache-Traffic-Server-as-Reverse-Proxy-on-Linux
How-to-Setup-SVN-Server-on-CentOS-RHEL--Fedora
How-to-Add-Custom-iptables-Rules-in-CSF-Firewall
How-to-Change-Apache-Default-Page-with-htaccess
vCSA--How-to-install-vCenter-Server-Appliance-(vCSA)
How-to-Change-Hostname-(Computer-Name)-on-Ubuntu--Debian