How to disable Apache server signature In Ubuntu

I just tried to access this blog using its IP address and I noticed that on the 404 error that comes up it lists the name of the web server and its version.

image

This can be a minor security risk. you don’t want to make it easier for hackers to hack your site by displaying the version of the web server your site is running on. To prevent apache from displaying this information, add these two lines at the end  of your apache2.conf file:

ServerSignature Off
ServerTokens Prod

In Ubuntu the apache2.conf file is located at this location /etc/apache2/

After you add those lines, and reload apache

sudo service apache2 reload

Now when someone tries to access a nonexistent page in your web server they will the 404 page error but without the server signature:

image

I don’t know why this is not set by default in Apache, but as you can see is not hard to remove it with this simple trick.

I hope that helped.


Share the knowledge...Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Share on RedditEmail this to someonePrint this page

More Apache Tutorials

about My name is Nelson Amaya and I’m the author of this website. I created the site in 2009 (under the forevergeeks.com domain) and I’ve been posting tutorials here ever since. I'm a systems / network administrator and I enjoy solving complex problems and learning as much as I can about new technologies. I write tutorials based on my work experience and other IT stuff I find interesting.