In default Apache write server signatures to HTTP-responses. In production server this is not recommended action, because it gives more attacking area to criminals. Web servers would like to advice themselves and that is the reason why they add their signatures in default to HTTP-responses.
In this post I will show you how to hide unnecessary Apache server signature.
Tested on Ubuntu 14.04 and Ubuntu 12.04.
you can watch how your server HTTP-response looks like now. Do HTTP-request e.g. with curl:
There is your HTTP-header and now you see exactly what all informations Apache gives to client. We still want to limit information of our server from outside.
Hide Apache signatures
At first open Apache configuration file
Add two lines on below to
Save file and reload Apache daemon
Hide also information of PHP
If you are using PHP HTTP-header also contain some information of PHP. Here is the way how to hide it.
expose_php is set to On, but now you take it Off
After changes you have to reload Apache
Now you're a little further safe.