Removing and hiding the Apache2 version number in Ubuntu

Header retrieval

To get the headers, the following works adequately when run on the server itself (all tests done on Ubuntu 14.04 Trusty Tahr):

curl -v http://localhost:80/ | head

which produces something like:

< HTTP/1.1 200 OK
< Date: Mon, 25 Jan 2021 09:17:51 GMT
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)

Removing the version number

To remove the version number, edit the file /etc/apache2/conf-enabled/security.conf and amend the lines:

  • ServerTokens OS to ServerTokens Prod
  • ServerSignature On to ServerSignature Off

and restart Apache:

sudo service apache2 restart

You should now get a response like:

< HTTP/1.1 200 OK
< Date: Mon, 25 Jan 2021 09:20:03 GMT
* Server Apache is not blacklisted
< Server: Apache

Removing the word “Apache”

To remove the word Apache completely, first install ModSecurity:

sudo apt-get install libapache2-mod-security2

The following lines appear to not be required (enabling the module and restarting Apache) but for reference:

sudo a2enmod security2
sudo service apache2 restart

Check that the module is enabled:

apachectl -M | grep security

which should show:

security2_module (shared)

Then, although you can amend /etc/modsecurity/modsecurity.conf (created by renaming modsecurity.conf-recommended), it seems easier to amend /etc/apache2/apache2.conf instead (note that you can use whatever name you want; in this case I’ve simply used a space):

<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Min
    SecServerSignature " "
</IfModule>

(Using Min rather than Full also prevents modules such as mod_fastcgi appearing after the blank server name.)

Then restart Apache:

sudo service apache2 restart

Final check

Now when you run the command:

curl -v http://localhost:80/ | head

you should get:

< HTTP/1.1 200 OK
< Date: Mon, 25 Jan 2021 09:31:11 GMT
* Server  is not blacklisted
< Server:
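
The final check can also be scripted so it can be repeated after package upgrades or configuration changes. The following is an added example, not part of the original write-up: the function names classify_server_header and check_url are hypothetical, and the sample inputs are constructed from the three responses shown above.

```shell
#!/bin/sh
# Added example: classify what the Server response header discloses.
# Input on stdin: raw response headers, either `curl -sI` output or the
# `curl -v` form shown above (lines prefixed with "< ").
# Prints: version (version/OS visible), product (bare name), hidden (blank/absent).
classify_server_header() {
    value=$(tr -d '\r' | awk '{
        line = $0
        sub(/^< /, "", line)                 # drop the curl -v response marker
        if (tolower(line) ~ /^server:/) {    # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, "", line)   # strip the header name
            sub(/[ \t]*$/, "", line)         # strip trailing whitespace
            print line
            exit
        }
    }')
    case "$value" in
        '')               echo hidden ;;    # blank or missing header
        *[0-9]*|*"("*)    echo version ;;   # digits or an "(OS)" comment
        *)                echo product ;;   # bare name such as "Apache"
    esac
}

# Hypothetical helper for a live check; needs curl and a reachable server.
check_url() {
    curl -sI "$1" | classify_server_header
}

# Sample inputs constructed from the three responses shown on this page.
SAMPLE_DEFAULT='< HTTP/1.1 200 OK
* Server Apache/2.4.7 (Ubuntu) is not blacklisted
< Server: Apache/2.4.7 (Ubuntu)'
SAMPLE_PROD='< HTTP/1.1 200 OK
* Server Apache is not blacklisted
< Server: Apache'
SAMPLE_BLANK='< HTTP/1.1 200 OK
* Server  is not blacklisted
< Server: '

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_PROD" "$SAMPLE_BLANK"; do
    printf '%s\n' "$sample" | classify_server_header
done
```

On the server itself, check_url http://localhost:80/ should print hidden once all of the steps above have been applied.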
