How to Change Apache Server Name to Anything in Server Headers

In one of our several articles relating to Apache server security and hardening tips, we explained how to hide Apache version number and other sensitive information.

We discussed how to keep away valuable information such as the web server version number, server operating system details, installed Apache modules and so much more, from being sent along in server-generated documents back to the client (possibly attackers).

In this article, we will show you yet another useful Apache security tip – changing HTTP web server name to anything else in server header.

What do we actually mean here? Take a look at the screen shot below, it shows a listing of directories in our web server document root, beneath that, you can see the server signature (web server name, version, operating system, ip address and port).

Apache Directory Listing
Apache Directory Listing

Most times, hackers use known vulnerabilities in web server software to attack your websites or web apps, therefore changing the name of your web server makes it difficult for them to know the type of server running on your system. The point is to change the name “Apache” to something else.

This can be achieved by installing Apache mod_security module.

-------- On Debian/Ubuntu -------- 
$ sudo apt install libapache2-mod-security2
$ sudo a2enmod security2

-------- On CentOS/RHEL and Fedora --------
# yum install mod_security
# dnf install mod_security

Then open the Apache configuration file.

$ sudo vi /etc/apache2/apache2.conf	#Debian/Ubuntu 
# vi /etc/httpd/conf/httpd.conf	        #RHEL/CentOS/Fedora

Now change or add these lines below (make sure to change TecMint_Web to any other thing you want to appear to clients).

ServerTokens Full
SecServerSignature “Tecmint_Web”

Finally restart the web server.

$ sudo systemctl restart apache2   #Debian/Ubuntu 
# systemctl restart httpd          #RHEL/CentOS/Fedora

Now verify the page again using curl command or accessing from the browser to see the web server name has changed from Apache to Tecmint_Web.

$ curl -I -L http://domain-or-ipaddress
Apache Listing of Directory
Apache Listing of Directory

Thats It! Do check out following articles related to Apache web server.

  1. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security
  2. How to Find MySQL, PHP and Apache Configuration Files
  3. How to Change Default Apache ‘DocumentRoot’ Directory in Linux
  4. How to Check Which Apache Modules are Enabled/Loaded in Linux
  5. 13 Apache Web Server Security and Hardening Tips

In this article, we showed how to change HTTP web server name to anything else in server header in Linux. Use the feedback form below to add you thoughts about this topic.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

6 Comments

Leave a Reply
  1. Can we rename the Apache Installation directory?

    Example:

    /opt/my_apache_new TO /opt/my_apache
    

    After renaming i am getting below error:

    ./apachectl -V
    ./apachectl: line 79:  4425 Segmentation fault      (core dumped) $HTTPD "$@"
    
    Reply
  2. I can’t restart Apache, says:

    "Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xe" for details." 
    

    But I’ve changed the apache.conf how it is before do it and now works… help please. And this is a good article (but it don’t works for me ;-D )

    Reply
  3. Hi,

    Is there any way that I can change the server name through .htaccess file? Please let me know. Thanks.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.