Control Web Panel

WebPanel => Apache => Topic started by: r4tulan on November 25, 2015, 06:26:38 PM

Title: How to turn off server signature on web server?
Post by: r4tulan on November 25, 2015, 06:26:38 PM

http://prntscr.com/96vgah

This information could help an attacker determine which attack vectors the attacker are to use when targeting the system, and i dont want that!

Title: Re: How to turn off server signature on web server?
Post by: Igor S. on November 27, 2015, 10:40:30 AM

Hi.
You can't hide it since a web browsers require the info.
You can hide a version numbers in a configs.

Title: Re: How to turn off server signature on web server?
Post by: alierenerdal on December 11, 2015, 07:12:16 AM

Quote from: r4tulan on November 25, 2015, 06:26:38 PM

http://prntscr.com/96vgah

This information could help an attacker determine which attack vectors the attacker are to use when targeting the system, and i dont want that!

1) Login Cwp and go to Apache Settings / Apache Configuration .

2) Add the following two lines at the end of Apache config file in editor :

ServerSignature Off
ServerTokens Prod

3) Login to ssh and  restart apache with "service httpd restart"

4) See changes in : http://seositecheckup.com/tools/server-signature-test

Title: Re: How to turn off server signature on web server?
Post by: bitzal on October 27, 2018, 10:56:25 PM

If you enable Mod Security via your CWP root user control panel, this will also mask the server signature and replace it with a generic CentOS Web Panel server signature like this:

Server: CentOS WebPanel: Protected by Mod Security