How to turn off Server Signature in Ubuntu 14.04? [closed]
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
I am using Ubuntu 14.04. I want to turn off Server Signature.
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
apache2:
Installed: (none)
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apache2-bin:
Installed: 2.4.7-1ubuntu4.18
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
*** 2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
How can I turn off Server Signature?
apache2
edited Feb 23 at 20:15
Zanna
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
closed as unclear what you're asking by Eric Carvalho, waltinator, George Udosen, Elder Geek, user68186 Feb 25 at 17:33
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
add a comment |Â
up vote
0
down vote
favorite
I am using Ubuntu 14.04. I want to turn off Server Signature.
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
apache2:
Installed: (none)
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apache2-bin:
Installed: 2.4.7-1ubuntu4.18
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
*** 2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
How can I turn off Server Signature?
apache2
edited Feb 23 at 20:15
Zanna
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
closed as unclear what you're asking by Eric Carvalho, waltinator, George Udosen, Elder Geek, user68186 Feb 25 at 17:33
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
2
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
1
I think they mean theServerHTTP response header. I'd edit the question but there's still one pending review.
– David Foerster
Feb 20 at 16:23
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
1
@AtulRandil add the output ofapt-cache policy apache2 apache2-binto the post, please.
– muru
Feb 22 at 8:09
Contrary to what you seem to believe yourapt-cache policy apache2 apache2-binoutput indicates that apache2 is not installed. The output ofdpkg-query -l apache*might provide some further clues as to whether it was accidentally removed, etc.
– Elder Geek
Feb 25 at 15:12
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am using Ubuntu 14.04. I want to turn off Server Signature.
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
apache2:
Installed: (none)
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apache2-bin:
Installed: 2.4.7-1ubuntu4.18
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
*** 2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
How can I turn off Server Signature?
apache2
edited Feb 23 at 20:15
Zanna
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
I am using Ubuntu 14.04. I want to turn off Server Signature.
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
apache2:
Installed: (none)
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apache2-bin:
Installed: 2.4.7-1ubuntu4.18
Candidate: 2.4.7-1ubuntu4.18
Version table:
2.4.10-1ubuntu1.1~ubuntu14.04.2 0
100 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-backports/main amd64 Packages
*** 2.4.7-1ubuntu4.18 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
2.4.7-1ubuntu4 0
500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
How can I turn off Server Signature?
apache2
apache2
edited Feb 23 at 20:15
Zanna
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
edited Feb 23 at 20:15
Zanna
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
edited Feb 23 at 20:15
Zanna
48.2k13120228
edited Feb 23 at 20:15
Zanna
48.2k13120228
edited Feb 23 at 20:15
Zanna
48.2k13120228
48.2k13120228
asked Feb 20 at 12:09
Atul Randil
61
asked Feb 20 at 12:09
Atul Randil
61
asked Feb 20 at 12:09
Atul Randil
61
61
closed as unclear what you're asking by Eric Carvalho, waltinator, George Udosen, Elder Geek, user68186 Feb 25 at 17:33
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as unclear what you're asking by Eric Carvalho, waltinator, George Udosen, Elder Geek, user68186 Feb 25 at 17:33
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
2
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
1
I think they mean theServerHTTP response header. I'd edit the question but there's still one pending review.
– David Foerster
Feb 20 at 16:23
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
1
@AtulRandil add the output ofapt-cache policy apache2 apache2-binto the post, please.
– muru
Feb 22 at 8:09
Contrary to what you seem to believe yourapt-cache policy apache2 apache2-binoutput indicates that apache2 is not installed. The output ofdpkg-query -l apache*might provide some further clues as to whether it was accidentally removed, etc.
– Elder Geek
Feb 25 at 15:12
add a comment |Â
2
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
1
I think they mean theServerHTTP response header. I'd edit the question but there's still one pending review.
– David Foerster
Feb 20 at 16:23
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
1
@AtulRandil add the output ofapt-cache policy apache2 apache2-binto the post, please.
– muru
Feb 22 at 8:09
Contrary to what you seem to believe yourapt-cache policy apache2 apache2-binoutput indicates that apache2 is not installed. The output ofdpkg-query -l apache*might provide some further clues as to whether it was accidentally removed, etc.
– Elder Geek
Feb 25 at 15:12
2
2
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
1
1
I think they mean the
Server HTTP response header. I'd edit the question but there's still one pending review.– David Foerster
Feb 20 at 16:23
I think they mean the
Server HTTP response header. I'd edit the question but there's still one pending review.– David Foerster
Feb 20 at 16:23
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
1
1
@AtulRandil add the output of
apt-cache policy apache2 apache2-bin to the post, please.– muru
Feb 22 at 8:09
@AtulRandil add the output of
apt-cache policy apache2 apache2-bin to the post, please.– muru
Feb 22 at 8:09
Contrary to what you seem to believe your
apt-cache policy apache2 apache2-bin output indicates that apache2 is not installed. The output of dpkg-query -l apache* might provide some further clues as to whether it was accidentally removed, etc.– Elder Geek
Feb 25 at 15:12
Contrary to what you seem to believe your
apt-cache policy apache2 apache2-bin output indicates that apache2 is not installed. The output of dpkg-query -l apache* might provide some further clues as to whether it was accidentally removed, etc.– Elder Geek
Feb 25 at 15:12
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
You can do it by changing the file /etc/apache2/conf-enabled/security.conf if exists:
sudo vim /etc/apache2/conf-enabled/security.conf
change:
ServerTokens ProdServerSignature Off
If the file doesn't exist, just create one in
sudo vim /etc/apache2/conf-available/security.conf
and add
ServerTokens Prod
ServerSignature Off
then, enable the config file by:
sudo a2enconf security
or add a symbolic link like so
sudo ln -s ../conf-available/security.conf /etc/apache2/conf-enabled/security.conf
and restart apache
sudo service apache2 restart
edited Feb 20 at 16:25
David Foerster
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
 |Â
show 5 more comments
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
You can do it by changing the file /etc/apache2/conf-enabled/security.conf if exists:
sudo vim /etc/apache2/conf-enabled/security.conf
change:
ServerTokens ProdServerSignature Off
If the file doesn't exist, just create one in
sudo vim /etc/apache2/conf-available/security.conf
and add
ServerTokens Prod
ServerSignature Off
then, enable the config file by:
sudo a2enconf security
or add a symbolic link like so
sudo ln -s ../conf-available/security.conf /etc/apache2/conf-enabled/security.conf
and restart apache
sudo service apache2 restart
edited Feb 20 at 16:25
David Foerster
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
 |Â
show 5 more comments
up vote
2
down vote
You can do it by changing the file /etc/apache2/conf-enabled/security.conf if exists:
sudo vim /etc/apache2/conf-enabled/security.conf
change:
ServerTokens ProdServerSignature Off
If the file doesn't exist, just create one in
sudo vim /etc/apache2/conf-available/security.conf
and add
ServerTokens Prod
ServerSignature Off
then, enable the config file by:
sudo a2enconf security
or add a symbolic link like so
sudo ln -s ../conf-available/security.conf /etc/apache2/conf-enabled/security.conf
and restart apache
sudo service apache2 restart
edited Feb 20 at 16:25
David Foerster
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
 |Â
show 5 more comments
up vote
2
down vote
up vote
2
down vote
You can do it by changing the file /etc/apache2/conf-enabled/security.conf if exists:
sudo vim /etc/apache2/conf-enabled/security.conf
change:
ServerTokens ProdServerSignature Off
If the file doesn't exist, just create one in
sudo vim /etc/apache2/conf-available/security.conf
and add
ServerTokens Prod
ServerSignature Off
then, enable the config file by:
sudo a2enconf security
or add a symbolic link like so
sudo ln -s ../conf-available/security.conf /etc/apache2/conf-enabled/security.conf
and restart apache
sudo service apache2 restart
edited Feb 20 at 16:25
David Foerster
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
You can do it by changing the file /etc/apache2/conf-enabled/security.conf if exists:
sudo vim /etc/apache2/conf-enabled/security.conf
change:
ServerTokens ProdServerSignature Off
If the file doesn't exist, just create one in
sudo vim /etc/apache2/conf-available/security.conf
and add
ServerTokens Prod
ServerSignature Off
then, enable the config file by:
sudo a2enconf security
or add a symbolic link like so
sudo ln -s ../conf-available/security.conf /etc/apache2/conf-enabled/security.conf
and restart apache
sudo service apache2 restart
edited Feb 20 at 16:25
David Foerster
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
edited Feb 20 at 16:25
David Foerster
26.5k1362106
edited Feb 20 at 16:25
David Foerster
26.5k1362106
edited Feb 20 at 16:25
David Foerster
26.5k1362106
26.5k1362106
answered Feb 20 at 12:19
Adel Kihal
36516
answered Feb 20 at 12:19
Adel Kihal
36516
answered Feb 20 at 12:19
Adel Kihal
36516
36516
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
 |Â
show 5 more comments
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
I got sudo: a2enconf: command not found error
– Atul Randil
Feb 20 at 12:29
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
@AtulRandil you can make a symbolic link like so : sudo ln -s /etc/apache2/conf-available/security.conf /etc/apache2/conf-enabled/security.conf
– Adel Kihal
Feb 20 at 12:34
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
I got following errorln: failed to create symbolic link ‘/etc/apache2/conf-enabled/security.conf’: No such file or directory
– Atul Randil
Feb 20 at 12:39
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
@AtulRandil Do you have a folder named conf-enabled in your apache2 dir ???
– Adel Kihal
Feb 20 at 12:57
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
No. I don't have folder named conf-enabled in apache2 dir. Should I create?
– Atul Randil
Feb 21 at 6:23
 |Â
show 5 more comments
2
What are you trying to do? what do you mean by server signature?
– pim
Feb 20 at 14:53
1
I think they mean the
ServerHTTP response header. I'd edit the question but there's still one pending review.– David Foerster
Feb 20 at 16:23
By default, the Apache webserver sends HTTP headers with some information about your server version, operating system, modules installed, etc. These informations can be used by hackers in order to exploit vulnerabilities (specially if you are running an older version). These information can be hidden or changed with very basic configurations.
– Atul Randil
Feb 21 at 6:31
1
@AtulRandil add the output of
apt-cache policy apache2 apache2-binto the post, please.– muru
Feb 22 at 8:09
Contrary to what you seem to believe your
apt-cache policy apache2 apache2-binoutput indicates that apache2 is not installed. The output ofdpkg-query -l apache*might provide some further clues as to whether it was accidentally removed, etc.– Elder Geek
Feb 25 at 15:12