How to disable Apache server signature In Ubuntu

I just tried to access this blog using its IP address and I noticed that on the 404 error that comes up it lists the name of the web server and its version.

image

This can be a minor security risk. you don’t want to make it easier for hackers to hack your site by displaying the version of the web server your site is running on. To prevent apache from displaying this information, add these two lines at the end  of your apache2.conf file:

ServerSignature Off
ServerTokens Prod

In Ubuntu the apache2.conf file is located at this location /etc/apache2/

After you add those lines, and reload apache

sudo service apache2 reload

Now when someone tries to access a nonexistent page in your web server they will the 404 page error but without the server signature:

image

I don’t know why this is not set by default in Apache, but as you can see is not hard to remove it with this simple trick.

I hope that helped.

More Apache Tutorials