How to hide the Apache version and OS information to security scan?
In Ubuntu edit the following file
sudo vim /etc/apache2/conf-enabled/security.conf
Change ServerTokens OS
to ServerTokens Prod
then change ServerSignature On
to ServerSignature Off
Restart the apache2 :
sudo service apache2 restart
In CentOS and RedHat edit the following file:
vim /etc/httpd/conf/httpd.conf
Change ServerTokens OS
to ServerTokens ProductOnly
then change ServerSignature On
to ServerSignature Off
Restart the apache2
Comments
Post a Comment