How to Change Apache Server Name to Anything in Server Headers

In one of our several articles relating to Apache server security and hardening tips, we explained how to hide Apache version number and other sensitive information.

We discussed how to keep away valuable information such as the web server version number, server operating system details, installed Apache modules and so much more, from being sent along in server-generated documents back to the client (possibly attackers).

In this article, we will show you yet another useful Apache security tip – changing HTTP web server name to anything else in server header.

What do we actually mean here? Take a look at the screen shot below, it shows a listing of directories in our web server document root, beneath that, you can see the server signature (web server name, version, operating system, ip address and port).

Apache Directory Listing

Apache Directory Listing

Most times, hackers use known vulnerabilities in web server software to attack your websites or web apps, therefore changing the name of your web server makes it difficult for them to know the type of server running on your system. The point is to change the name “Apache” to something else.

This can be achieved by installing Apache mod_security module.

-------- On Debian/Ubuntu -------- 
$ sudo apt install libapache2-mod-security2
$ sudo a2enmod security2

-------- On CentOS/RHEL and Fedora --------
# yum install mod_security
# dnf install mod_security

Then open the Apache configuration file.

$ sudo vi /etc/apache2/apache2.conf	#Debian/Ubuntu 
# vi /etc/httpd/conf/httpd.conf	        #RHEL/CentOS/Fedora

Now change or add these lines below (make sure to change TecMint_Web to any other thing you want to appear to clients).

ServerTokens Full
SecServerSignature “Tecmint_Web”

Finally restart the web server.

$ sudo systemctl restart apache2   #Debian/Ubuntu 
# systemctl restart httpd          #RHEL/CentOS/Fedora

Now verify the page again using curl command or accessing from the browser to see the web server name has changed from Apache to Tecmint_Web.

$ curl -I -L http://domain-or-ipaddress
Apache Listing of Directory

Apache Listing of Directory

Thats It! Do check out following articles related to Apache web server.

  1. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security
  2. How to Find MySQL, PHP and Apache Configuration Files
  3. How to Change Default Apache ‘DocumentRoot’ Directory in Linux
  4. How to Check Which Apache Modules are Enabled/Loaded in Linux
  5. 13 Apache Web Server Security and Hardening Tips

In this article, we showed how to change HTTP web server name to anything else in server header in Linux. Use the feedback form below to add you thoughts about this topic.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

5 Responses

  1. ThePublicHacker says:

    I can’t restart Apache, says:

    "Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xe" for details." 
    

    But I’ve changed the apache.conf how it is before do it and now works… help please. And this is a good article (but it don’t works for me ;-D )

  2. hoseinmont says:

    Thanks a ton, very good article..

  3. Rahul Mukherjee says:

    Hi,

    Is there any way that I can change the server name through .htaccess file? Please let me know. Thanks.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.