Turning off the server signature on the Apache web server


When using the default Apache error pages, it can be wise to turn off server signatures. Server signatures contain valuable information about your installed software and can be read by internet worms and hackers.

When installing Apache or Apache2, the standard setting in your httpd.conf or apache2.conf file is:
ServerSignature On

This setting shows server-related information like this: "Apache/1.3.33 Server at www.domain.com Port 80".
When using custom or self-made error pages, this information will not be shown publicly.

To deactivate this message, change the setting in your httpd.conf or apache2.conf:
ServerSignature Off

When using virtual Apache server(s), you will have to change your /sites-enabled/000-default file located in your Apache directory.

You can also use this setting in a .htaccess file in your webroot or directory. This will override the current Apache value for this particular setting.
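
Because the setting can appear in the main configuration file, in a virtual server file and in a .htaccess file, one scope can switch the signature back on after another has switched it off. The following Python script is an added example, not part of the original post: it lists every ServerSignature line with the scope it applies to and reports the ones that still print the signature. The file contents are constructed samples, and the function names are chosen for this example only.

```python
import re

# Opening or closing container, e.g. <VirtualHost *:80> or </Directory>
SECTION = re.compile(r"^<(/?)(\w+)([^>]*)>$")
# Directive names are case-insensitive in Apache configuration files
DIRECTIVE = re.compile(r"^ServerSignature\s+(\S+)", re.IGNORECASE)

def audit_server_signature(config_text, source):
    """Return (source, scope, line_no, value) for each ServerSignature line."""
    findings, stack = [], []          # stack: open containers, innermost last
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = SECTION.match(line)
        if section:
            closing, name, args = section.groups()
            if closing and stack:
                stack.pop()
            elif not closing:
                stack.append(f"{name} {args.strip()}".strip())
            continue
        directive = DIRECTIVE.match(line)
        if directive:
            scope = " > ".join(stack) or "top level"
            findings.append((source, scope, line_no, directive.group(1)))
    return findings

def exposed(findings):
    """Keep only the settings that still print the signature (anything but Off)."""
    return [f for f in findings if f[3].lower() != "off"]

# Constructed sample files (assumed contents, for illustration only)
SAMPLES = {
    "apache2.conf": "# global setting\nServerSignature Off\n",
    "sites-enabled/000-default": "<VirtualHost *:80>\n  ServerName www.domain.com\n"
                                 "  serversignature On\n</VirtualHost>\n",
    ".htaccess": "ServerSignature Off\n",
}

def run_audit():
    """Audit every sample file and return all findings in file order."""
    return [f for name, text in SAMPLES.items() for f in audit_server_signature(text, name)]

if __name__ == "__main__":
    for source, scope, line_no, value in exposed(run_audit()):
        print(f"{source}:{line_no} [{scope}] ServerSignature {value}")
```

Any line this prints is a scope where the signature is still shown even though the main file says Off.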



Posted by James on 2009-07-07 in the category "apache"