How To Disable Server Signature with .htaccess or Apache Configuration


Server signatures, also known as server banners or server identifiers, provide information about the web server software running on a particular website. While this information can be useful for legitimate purposes, it can also be exploited by malicious actors seeking to identify vulnerabilities in the server software.

As a proactive measure for security, many website administrators choose to disable server signatures.

In this article, we will explore two methods to achieve this: using .htaccess and editing the Apache configuration file.

1. Using .htaccess:

The .htaccess file is a powerful configuration file that allows you to control various aspects of your web server on a per-directory basis. To disable server signatures using .htaccess, follow these steps:

a. Locate or Create .htaccess File:

Navigate to the root directory of your website. Check if there is an existing .htaccess file. If not, create a new one.

b. Edit .htaccess:

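Open the .htaccess file in a text editor of your choice. Add the following line to disable the server signature:

ServerSignature Off

This turns off the signature footer that Apache appends to server-generated pages such as error pages and directory listings. The companion directive `ServerTokens Prod`, which sets the server tokens to “Prod” and reveals minimal information in the `Server` response header, is only valid in the main server configuration. Placing it in .htaccess makes Apache reject the file and answer requests with a 500 Internal Server Error, so set it with the second method below.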

c. Save and Upload:

Save the changes to the .htaccess file. If necessary, upload the modified file to your server.

2. Editing Apache Configuration File:

If you have access to the Apache configuration file, you can make server-wide changes to disable server signatures.

a. Locate Apache Configuration File:

On a Linux web server, the location of the Apache configuration file varies depending on your server setup. Common locations include `/etc/httpd/httpd.conf` or `/etc/apache2/apache2.conf`.

On Windows (XAMPP), the location would be `C:\xampp\apache\httpd.conf`.

b. Edit Configuration File:

Open the Apache configuration file in a text editor with root or administrator privileges.

Look for the following directives:

ServerSignature On
ServerTokens Full

Change them to:

ServerSignature Off
ServerTokens Prod

If these directives are not present, add both lines at the end of the configuration file.

c. Save and Restart Apache:

Save the changes to the configuration file.

Restart the Apache web server to apply the new settings. You can do this with the command:

sudo service apache2 restart # For Ubuntu/Debian

or

sudo systemctl restart httpd # For CentOS/RHEL
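
To confirm the change took effect after the restart, the script below (an added example, not part of the original article) classifies what a response still discloses: the `Server` header, which `ServerTokens` controls, and the `<address>` footer on server-generated pages, which `ServerSignature` controls. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample responses below are constructed, not captured.
# Live use (placeholder URL): curl -sI http://localhost/ | server_header_level

# Reads response headers on stdin; prints none | minimal | leaky.
server_header_level() {
    value=$(tr -d '\r' | grep -i '^server:' | head -n 1 |
            sed 's/^[^:]*:[[:space:]]*//')
    case "$value" in
        '')                 echo none ;;     # header absent
        *[0-9]*|*'('*|*/*)  echo leaky ;;    # version, OS or module details
        *)                  echo minimal ;;  # product only (ServerTokens Prod)
    esac
}

# Reads an HTML body on stdin; prints present | absent for the footer
# that ServerSignature On appends to server-generated pages.
signature_footer() {
    if grep -qi '<address>.*Server at .* Port [0-9]*</address>'; then
        echo present
    else
        echo absent
    fi
}

# Constructed responses: default settings versus the hardened settings.
BEFORE_HEADERS='HTTP/1.1 404 Not Found
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html'
BEFORE_BODY='<h1>Not Found</h1><hr>
<address>Apache/2.4.41 (Ubuntu) Server at www.example.com Port 80</address>'

AFTER_HEADERS='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html'
AFTER_BODY='<h1>Not Found</h1>'

report() {  # $1 label, $2 headers, $3 body
    printf '%s: Server header=%s, signature footer=%s\n' "$1" \
        "$(printf '%s\n' "$2" | server_header_level)" \
        "$(printf '%s\n' "$3" | signature_footer)"
}
report before "$BEFORE_HEADERS" "$BEFORE_BODY"
report after  "$AFTER_HEADERS"  "$AFTER_BODY"
```

Request a page that does not exist when checking a live server, because the signature footer only appears on pages Apache generates itself.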

Disabling server signatures is a simple yet effective step in enhancing the security of your web server. By preventing unnecessary disclosure of server information, you reduce the risk of potential attacks targeting specific vulnerabilities.

Whether you choose to use .htaccess or edit the Apache configuration file directly, implementing these changes contributes to a more robust and secure web environment. Always remember to test these configurations in a safe environment before applying them to a production server.
