In some tests it was found that the "server signature was on"; I do not know what that is. What is it and how can I turn off this "signature"? In the security testing it was recommended that I turn off this signature to preserve server security.
This is the information that the HTTP server provides in some circumstances, such as error pages and headers. This is not so critical, it just provides useful information for hackers.
You should add:
ServerSignature Off
ServerTokens Prod
to your configuration file, probably httpd.conf (some systems use apache2.conf).
You need to reload the file or restart the server.
You can see the before and after by trying to access a nonexistent page.
Although it is rare and probably will not be a problem for you, this can cause some undesirable side effects when some software needs this information to make decisions.
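One way to script the before-and-after check described in the answer above, as an added example that is not part of the original answer: it classifies a saved HTTP response for the `Server` header detail (ServerTokens) and the generated error-page footer (ServerSignature). The function names, the host `example.test` and the version string in the sample responses are constructed for illustration.

```shell
# Added example. Capture a real response to inspect with:
#   curl -si http://localhost/nonexistent-page > resp.txt

# Prints "full" if the Server header carries more than the product name
# (version, OS, modules), "prod" if it is only "Apache", "none" if absent.
server_tokens_state() {
    value=$(printf '%s\n' "$1" | tr -d '\r' | awk '
        /^$/ { exit }                       # stop at the end of the headers
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }')
    case "$value" in
        '')     echo none ;;
        Apache) echo prod ;;
        *)      echo full ;;
    esac
}

# Prints "on" if the body contains the footer Apache appends to generated
# pages when ServerSignature is On, otherwise "off".
server_signature_state() {
    if printf '%s\n' "$1" |
        grep -Eq '<address>Apache.* Server at .* Port [0-9]+</address>'; then
        echo on
    else
        echo off
    fi
}

# Constructed sample responses (not captured from a real server).
BEFORE='HTTP/1.1 404 Not Found
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Not Found</h1>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 80</address>
</body></html>'

AFTER='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Not Found</h1>
</body></html>'

report() {
    echo "$1: ServerTokens=$(server_tokens_state "$2") ServerSignature=$(server_signature_state "$2")"
}
report before "$BEFORE"
report after "$AFTER"
```

A result of `prod` together with `on` means only ServerTokens was changed: the footer is still emitted, just without the version.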