December 6, 2012

How to hide the Apache version information in the HTTP header

Edit the /etc/httpd/conf/httpd.conf file (on Ubuntu Server it is /etc/apache2/apache2.conf)

and add:

ServerTokens ProductOnly
ServerSignature Off

or change the existing values if these options are already present.

ServerTokens options and results:


ServerTokens ProductOnly

result:
Server: Apache

ServerTokens Major

result:
Server: Apache/2

ServerTokens Minor

result:
Server: Apache/2.0

ServerTokens Minimal

result:
Server: Apache/2.0.55

ServerTokens OS

result:
Server: Apache/2.0.55 (Debian)

ServerTokens Full (the default when not specified)

result:
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b


To hide the PHP information as well, edit /etc/php.ini and set expose_php to Off:

expose_php = Off
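To confirm both changes took effect, the response headers can be checked against the ServerTokens table above. The script below is an added example, not part of the original post: the function names and the two sample responses are constructed for illustration, and X-Powered-By is the header PHP sends while expose_php is On.

```shell
#!/bin/sh
# Added example: audit response headers for the leaks described on this page.

# Map a Server header value to the ServerTokens level that produces it.
server_tokens_level() {
    case "$1" in
        Apache)          echo ProductOnly ;;
        Apache/*') '*)   echo Full ;;      # modules listed after "(OS) "
        Apache/*')')     echo OS ;;
        Apache/*.*.*)    echo Minimal ;;
        Apache/*.*)      echo Minor ;;
        Apache/*)        echo Major ;;
        *)               echo Unknown ;;
    esac
}

# Read raw response headers on stdin (for example from `curl -sI URL`).
# Returns 0 only if Server is product-only (or absent) and X-Powered-By is absent.
audit_headers() {
    rc=0
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')            # tolerate CRLF
        name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')  # names are case-insensitive
        value=${line#*:}; value=${value# }
        case "$name" in
            server)
                level=$(server_tokens_level "$value")
                echo "Server reveals level: $level ($value)"
                [ "$level" = ProductOnly ] || rc=1 ;;
            x-powered-by)   # sent by PHP while expose_php = On
                echo "X-Powered-By present: $value"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample responses (version strings taken from the table above).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
X-Powered-By: PHP/5.1.2-1+b1
Content-Type: text/html'
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

printf '%s\n' "$SAMPLE_BEFORE" | audit_headers || echo "before: still leaking"
printf '%s\n' "$SAMPLE_AFTER"  | audit_headers && echo "after: clean"
```

Apache has to be reloaded or restarted after the edit before the headers change; pipe the output of `curl -sI` for your own server into audit_headers to check it.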
