Hide Apache and PHP signature information

by mtecheasy on December 14, 2010

Apache Version 2.2, Ubuntu Server 9.04

Files to edit:
/etc/php5/apache2/php.ini
/etc/apache2/conf.d/security

When you request a page that doesn’t exist on your server, the error page shows a signature like the following by default:
Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.6 with Suhosin-Patch Server at 192.168.100.158 Port 80

To remove the PHP signature, open php.ini, find expose_php = On, and change it to Off. The signature then reads:
Apache/2.2.11 (Ubuntu) Server at 192.168.100.158 Port 80

To remove the Apache version number and OS name, open the security file and change ServerTokens Full to ServerTokens Prod. The signature then reads:
Apache Server at 192.168.100.158 Port 80

If you don’t want any information displayed, open the security file once more and change ServerSignature On to ServerSignature Off.
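
To confirm all three changes after editing, the following script reports which directives still disclose version details. It is an added example, not part of the original post; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the post's three directives still leak version info.

# Last uncommented value of a php.ini key ("key = value").
ini_value() {
    awk -F= -v k="$2" '/^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t\r]/, "", v) }
        END { print tolower(v) }' "$1"
}

# Last uncommented value of an Apache directive ("Name value"); names are case-insensitive.
apache_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print tolower(v) }' "$1"
}

# Print one line per setting that still discloses details. $1 = php.ini, $2 = security file.
audit_signature() {
    case $(ini_value "$1" expose_php) in
        off|0|false|no) ;;
        *) echo "expose_php is not Off: PHP version is disclosed" ;;          # PHP default is On
    esac
    case $(apache_value "$2" ServerTokens) in
        prod|productonly) ;;
        *) echo "ServerTokens is not Prod: Apache version/OS is disclosed" ;; # Apache default is Full
    esac
    case $(apache_value "$2" ServerSignature) in
        on|email) echo "ServerSignature is enabled: error pages carry a footer" ;;
    esac
}

# Constructed sample files mirroring the post's before and after states.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'expose_php = On\n' > "$demo/php-before.ini"
printf 'ServerTokens Full\nServerSignature On\n' > "$demo/security-before"
printf '; expose_php = On\nexpose_php = Off\n' > "$demo/php-after.ini"
printf '#ServerTokens Full\nServerTokens Prod\nServerSignature Off\n' > "$demo/security-after"

echo "before:"; audit_signature "$demo/php-before.ini" "$demo/security-before"
echo "after:";  audit_signature "$demo/php-after.ini" "$demo/security-after"
```

On the server itself, call `audit_signature /etc/php5/apache2/php.ini /etc/apache2/conf.d/security`. The script only reads the files, so it matches the running server once Apache has been restarted with the new configuration.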

For more information on the various options available visit:
http://httpd.apache.org/docs/current/mod/core.html#serversignature
http://httpd.apache.org/docs/current/mod/core.html#servertokens
