Turning Off Server Signature In Apache

A server signature contains public information about your current web server. You may not want the public to know this information as it contains sensitive information. An attacker may use this information to exploit any know vulnerability.

Here’s how to turn it off if you’re using a Apache 2.2 web server (Ubuntu 14.04).

Open Apache’s config file (apache2.conf or httpd.conf) and look for ServerSignature. When found, change it to:

  ServerSignature Off
   ServerTokens Prod

If ServerSignature is not located in the Apache config file, then add the above snippet at the end of the file.

Tyler Souza

Tyler is a very passionate full-stack developer who thrives on a challenge. He specializes in programming (mainly in Python), REST API development, and keeps up with the latest front-end technologies. When not coding, he loves to eat ramen, BBQ, and travel.