Author Topic: How to turn off server signature on web server?  (Read 3836 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to turn off server signature on web server?
« on: November 25, 2015, 06:26:38 PM »
http://prntscr.com/96vgah

This information could help an attacker determine which attack vectors the attacker are to use when targeting the system, and i dont want that!
« Last Edit: November 25, 2015, 06:28:30 PM by r4tulan »

Offline
*****
Re: How to turn off server signature on web server?
« Reply #1 on: November 27, 2015, 10:40:30 AM »
Hi.
You can't hide it since a web browsers require the info.
You can hide a version numbers in a configs.

Offline
*
Re: How to turn off server signature on web server?
« Reply #2 on: December 11, 2015, 07:12:16 AM »
http://prntscr.com/96vgah

This information could help an attacker determine which attack vectors the attacker are to use when targeting the system, and i dont want that!

1) Login Cwp and go to Apache Settings / Apache Configuration .

2) Add the following two lines at the end of Apache config file in editor :

ServerSignature Off
ServerTokens Prod

3) Login to ssh and  restart apache with "service httpd restart"

4) See changes in : http://seositecheckup.com/tools/server-signature-test

Offline
*
Re: How to turn off server signature on web server?
« Reply #3 on: October 27, 2018, 10:56:25 PM »
If you enable Mod Security via your CWP root user control panel, this will also mask the server signature and replace it with a generic CentOS Web Panel server signature like this:

Server: CentOS WebPanel: Protected by Mod Security