2

I actually set up vhost with apache2 and i've a problem with the hardening of my vhost; the apache version and server OS is displayed in the header.

When i use the main server link, the version is hidden.

Help please. Thanks.

usta
  • 23
  • 3
  • 1
    Hi Usta, welcome to SO. Could you make it more accurate (params, code you wrote, config file relevant parts...). If you take a little tour of the questions asked and well answered here, you'll see it is better to post the parts of the code you think must be improved. Take your time and read http://stackoverflow.com/help/how-to-ask before asking your next question. – J. Chomel Jul 26 '16 at 11:55

2 Answers2

0

use prod as server token

https://httpd.apache.org/docs/2.4/mod/core.html#servertokens

set server signature to off

https://httpd.apache.org/docs/2.4/mod/core.html#serversignature

hth

murphy
  • 524
  • 4
  • 16
  • I already use serverTokens and serverSignature in the main config file (000-default.conf) but when i use vhost, i cam see the apache version... – usta Jul 26 '16 at 11:58
0

You can hide the Server version like so:

ServerSignature Off
ServerTokens Prod

You will need to edit your .htaccess file or the main httpd.conf file.

Stuart
  • 6,630
  • 2
  • 24
  • 40
  • Yes sure with the 000-default.conf on /var/www/html but here i used with a vhost and it can't be hidden – usta Jul 26 '16 at 15:11