Apache Server configuration support - Wish to remove Apache message

Author

Wish to remove Apache message

Stephane M

2007-01-27, 1:18 pm

Hi,

On my website, if you can't read a page or if you are not authorized,
you have the following message :

*****
Apache/2.0.52 (CentOS) Server at www.mywebsite.com Port 80

**********

How can I disable the '(CentOS)' ?? I don't really want that everybody
get this information !:-)

Thanks and regards

Steve

David

2007-01-27, 1:18 pm

Stephane M wrote:
> Hi,
>
> On my website, if you can't read a page or if you are not authorized,
> you have the following message :
>
> *****
> Apache/2.0.52 (CentOS) Server at www.mywebsite.com Port 80
>
>
> **********
>
> How can I disable the '(CentOS)' ?? I don't really want that everybody
> get this information !:-)
>
> Thanks and regards
>
> Steve

I think you will find the answer in the httpd.conf file. Something
called ServerSignature
It can be set to On|Off|Email

--
MicroSoft's NEW Motto: "Good enough." When you're on top, that's the
only standard that matters.

Davide Bianchi

2007-01-27, 1:18 pm

On 2007-01-27, Stephane M <Stephane@M.com> wrote:
> On my website, if you can't read a page or if you are not authorized,
> you have the following message :

You get the same message in every response, even if it's ok,
try telnetting to port 80 and you'll get something similar.
You can start by changing the ServerSignature directive, then you
could add custom error page for 404 and wathever other error
message you want to tailor to remove the default server-generated
message.

Davide

--
If you chase the prerequisites by installing their RPMs, the first 3-4 levels
will seem reasonable, but once you're down ~10 levels, the new version of echo
will end up requiring upgrades of libc, the kernel, or the color of the solder
mask on the PC board of your link partner's network card. -- Matt Roberds

Ricardo Manuel Oliveira

2007-01-28, 7:23 pm

> On my website, if you can't read a page or if you are not authorized,
> you have the following message :
>
> *****
> Apache/2.0.52 (CentOS) Server atwww.mywebsite.comPort 80
>
> **********

ServerTokens Prod
ServerSignature Off

Usually, these do the job.

Regards,
Ricardo Oliveira
http://apache.weblog.com.pt/

Stephane M

2007-01-28, 7:23 pm

Davide Bianchi a écrit :
> On 2007-01-27, Stephane M <Stephane@M.com> wrote:
>
> You get the same message in every response, even if it's ok,
> try telnetting to port 80 and you'll get something similar.
> You can start by changing the ServerSignature directive, then you
> could add custom error page for 404 and wathever other error
> message you want to tailor to remove the default server-generated
> message.
>
> Davide
>

Thank you Davide
At least I could NOT display the 'CentOS message" using the
ServerSignature OFF

I did try with the Option Email... but I didn't received anything :-)
- Should I have a Email server running for that ?

Stephane

shimmyshack

2007-01-29, 7:24 pm

On 28 Jan, 22:38, Stephane M <Steph...@M.com> wrote:
> Davide Bianchi a =E9crit :
>
>
>
> At least I could NOT display the 'CentOS message" using the
> ServerSignature OFF
>
> I did try with the Option Email... but I didn't received anything :-)
> - Should I have a Email server running for that ?
>
> Stephane

You need to set the email value in the httpd.conf
ServerAdmin blah@nospam.com

if you like spam, set it, if not get apache 2.2.x and use a url to=20
your html contact form.

You can also use mod_security to complete mask or change the value for=20
your server, so that not even apache shows up.

However you should know that all this is easily got around, people use=20
profiling to determine the likely server/OS combo so you cant really=20
hide much, however to see if you are successfully in truly hiding your=20
OS/server values, submit to netcraft and see what they think you're=20
running.
If you try hard you might fool them!