How to unset (Hide) "Server" header in Apache 2.4.39 Apache configuration running on Amazon Linux

Question

I am using Amazon Linux and running Apache 2.4.39. I have added "Header unset Server" along with "ServerToken Prod" and "ServerSignature Off".

However, I still see "Server: Apache" in the headers. Further I tried setting Server header to null using below: Header set Server ""

This works and shows the null header however, it works only for index.php.

I want this to work for all the pages supported by the website like .gif, admin.css etc.

Please suggest!

Thanks in advance!

The [tag:apache] tag that you use points you to a place where httpd-configuration questions are on topic — Olaf Kock, Feb 12 '20 at 13:12

SharpC · Answer 1 · 2021-01-26T11:53:36.220

0

Try my suggested fix here:

sudo apt-get install libapache2-mod-security2

then add this to the end of /etc/apache2/apache.conf:

<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Min
    SecServerSignature " "
</IfModule>

and restart Apache:

sudo service apache2 restart

edited Jan 26 '21 at 11:53

answered Jan 26 '21 at 10:37

SharpC

1 Answers1