Apache: How to turn server signatures off
Add the below line to your .htaccess file in order to have ServerSignatures turned off.
ServerSignature Off |
Why would you want to do this? There isn’t much reason too but it does hide the version of the web server from visitors viewing a directory listing or similar. The server signature would still be displayed in the http header.
Mihai February 4, 2014 at 5:49 am
The answer of this post is true …
Im using opencart …
Server signatures are something attackers can use & it’s best to have it disabled. If this cannot be done on a shared server ( too bad ), then I just have to deal with it being enabled for now as im on a VPS. The question is how to turn off on the VPS … My site was hacked from the front end a while back so I wanted to have this turned off as an added security measure. Having the server signature “on” also shows up as a vulnerability when I run analysis reports of my site. Maybe can someone has some better answers
James Davey February 4, 2014 at 8:59 am
Hello Mihai,
I am not sure I understand. All you would need to do is add the following to your .htaccess file, as mentioned:
ServerSignature Off
speed2host February 9, 2016 at 8:23 am
Hello,
I disabled signature off in my vps but it still comes up .. Cheked under apache and all good from whm configuration. Any other idea?
Best Regards
James Davey February 9, 2016 at 10:52 am
Hello,
This should disable it, but if it is not I would recommend you contact our support team for a closer look.