Linux > Server Security & Hardening

How to fully disable Apache from displaying header details?

(1/1)

Jithin:
Hi Guys,

Disabling Apache header is one of the best security practices. I'll show you how to do this.

1) Open your main apache configuration file. You can see two directive - ServerSignature and ServerTokens. Change it as show below.

ServerSignature off

ServerTokens Prod

2) Also add the below entries somewhere in it to disable Apache Last Modified header.

<filesMatch ".*$">
Header unset Last-Modified
</filesMatch>

3) Restart the apache service.

That's it! You have fully disabled the Apache header.

Navigation

[0] Message Index