I just tried to access this blog using its IP address and I noticed that on the 404 error that comes up it lists the name of the web server and its version.
This can be a minor security risk. you don’t want to make it easier for hackers to hack your site by displaying the version of the web server your site is running on. To prevent apache from displaying this information, add these two lines at the end of your apache2.conf file:
ServerSignature Off
ServerTokens Prod
In Ubuntu the apache2.conf file is located at this location /etc/apache2/
After you add those lines, and reload apache
sudo service apache2 reload
Now when someone tries to access a nonexistent page in your web server they will the 404 page error but without the server signature:
I don’t know why this is not set by default in Apache, but as you can see is not hard to remove it with this simple trick.
I hope that helped.
Was this helpful?
3 people found this helpful