Apache :: Disabling server info into response header

mishravik · Joined: 25 Oct 2013 Posts: 3

We are trying to disable server info into response header.

Header unset Server
Header set Server "unknown"

It is not working.

We have installed "Apache 2.4.6-x86 server" on Win 2008 R2 Standard server (64-Bit).

jraute · Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany

Normally you would use:

ServerTokens Prod
ServerSignature Off

"ServerTokens Prod" would give "Apache" as response and nothing else. But maybe it works to have "ServerTokens Off" as well to get really nothing.

Give it a try.

glsmith

There is no "Off" choice. There was a big discussion a few years ago when "Off" was going to be added and it was felt there was no need.

The question is, why do you need to turn this info off? Are you trying to hide that you are running Apache for security reasons? Security through obscurity has been shown to be no security at all over many years. It may also be of detriment, people scanning servers for vulnerability will hit you with everything under the sun for all the different servers.

You still have options however. mod_security can remove it with SecServerSignature as well as mod_bikeshed.

jraute · Joined: 13 Sep 2013 Posts: 188 Location: Rheinland, Germany

Thanks for the update, i was remembering that disussion. Smile