Apache: how to hide server version and operation system from users


I've read on one site that I need to add two lines to httpd.conf file:

ServerSignature Off

ServerTokens Prod

But when I've added them nothing changed. As previously I can see in my browser

Apache/2.2.16 (Debian)

Maybe that's important: When I opened file (I mean before adding above lines) httpd.conf I saw it's empty. I use VPS.


Best Solution


sudo nano /etc/apache2/conf-enabled/security.conf


  • change ServerTokens OS to ServerTokens Prod
  • change ServerSignature On to ServerSignature Off

Restart Apache :

sudo service apache2 restart

This article may also help you: Hide Apache Information

Related Question