Web Server signature is an information about the server and hosting operating system i.e. Apache version number and operating system info.
By default configuration of Apache, any error page will show the full signature of the server (version number), that can be risky as it can be used by hackers and attackers.As we know taht each version come with some lacks and that could be exploited. If hacker get version number then he may attack your server with focused attack.
To avoid this you can disable server signature. You can do it through editinf your /etc/apache2/apache2.conf file.
-----
# sudo nano /etc/apache2/apache2.conf --On Linux Mint, Ubuntu or Debian
# sudo nano /etc/httpd/conf/httpd.conf --On Fedora, Arch Linux, CentOS or RHEL
-----
Now search for "ServerSignature" and edit it with given below lines OR If you didn't find it then add these lines to the end of the file.
-----
ServerSignature Off
ServerTokens Prod
-----
Now, we have to reload apache configuration to make changes effect :
-----
# sudo /etc/init.d/apache2 reload
-----
By default configuration of Apache, any error page will show the full signature of the server (version number), that can be risky as it can be used by hackers and attackers.As we know taht each version come with some lacks and that could be exploited. If hacker get version number then he may attack your server with focused attack.
To avoid this you can disable server signature. You can do it through editinf your /etc/apache2/apache2.conf file.
-----
# sudo nano /etc/apache2/apache2.conf --On Linux Mint, Ubuntu or Debian
# sudo nano /etc/httpd/conf/httpd.conf --On Fedora, Arch Linux, CentOS or RHEL
-----
Now search for "ServerSignature" and edit it with given below lines OR If you didn't find it then add these lines to the end of the file.
-----
ServerSignature Off
ServerTokens Prod
-----
Now, we have to reload apache configuration to make changes effect :
-----
# sudo /etc/init.d/apache2 reload
-----
