Admin-Ahead Community
Linux => Server Security & Hardening => Topic started by: Jithin on November 01, 2013, 06:14:09 pm
-
Hi Guys,
Disabling Apache header is one of the best security practices. I'll show you how to do this.
1) Open your main apache configuration file. You can see two directive - ServerSignature and ServerTokens. Change it as show below.
ServerSignature off
ServerTokens Prod
2) Also add the below entries somewhere in it to disable Apache Last Modified header.
<filesMatch ".*$">
Header unset Last-Modified
</filesMatch>
3) Restart the apache service.
That's it! You have fully disabled the Apache header.