October 2, 2022
Apache is one of the most popular web servers, but its default configuration contains questionable choices on many Linux distributions. Apache tends to advertise its specific version and the platform it’s running on, information that could be valuable to attackers.

This quick article will show you how to disable this output to help protect your server. There’s usually no reason for it to be active, and turning it off should only take a minute.

What’s the Problem?

Here’s a fresh Apache 2.4 installation displaying a directory index:

The page’s footer reveals the Apache version number, the operating system name, and the internal IP address and port number of your server.

These are potentially sensitive details. A zero-day vulnerability in Apache might affect only a small range of versions. By leaving this output turned on, you’re displaying to the world whether your machine’s at risk. This makes it much easier for attackers to identify your host as a potential target.

Apache refers to this data as its “server signature.”…
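
To check what your own server discloses, the following added example (not code from the original article) parses an HTTP response for the footer described above and for the `Server` response header. The sample responses, version number and IP address are constructed for illustration, and the function name `audit_response` is hypothetical.

```python
import re

# Footer Apache appends to generated pages (directory indexes, error pages):
# "<address>Apache/2.4.x (OS) Server at host Port n</address>"
FOOTER_RE = re.compile(
    r"<address>\s*Apache(?:/(?P<version>[\d.]+))?(?:\s+\((?P<os>[^)]+)\))?"
    r"\s+Server at\s+(?P<host>\S+)\s+Port\s+(?P<port>\d+)\s*</address>",
    re.IGNORECASE,
)
# Server response header; a bare "Apache" discloses no version or OS.
HEADER_RE = re.compile(
    r"^Apache(?:/(?P<version>[\d.]+))?(?:\s+\((?P<os>[^)]+)\))?", re.IGNORECASE
)

def audit_response(headers, body):
    """Return (location, field, value) for every detail the response discloses."""
    findings = []
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    m = HEADER_RE.match(server.strip())
    if m:
        findings += [("header", f, m.group(f)) for f in ("version", "os") if m.group(f)]
    m = FOOTER_RE.search(body)
    if m:
        findings += [("footer", f, m.group(f))
                     for f in ("version", "os", "host", "port") if m.group(f)]
    return findings

# Constructed sample: a default-style response that leaks version, OS, IP and port.
LEAKY_HEADERS = {"Server": "Apache/2.4.54 (Debian)", "Content-Type": "text/html"}
LEAKY_BODY = (
    "<html><body><h1>Index of /</h1>\n"
    "<address>Apache/2.4.54 (Debian) Server at 10.0.0.5 Port 80</address>\n"
    "</body></html>"
)
# Constructed sample: assumed response once the signature footer is disabled and
# the header is reduced to the product name (ServerSignature Off, ServerTokens Prod).
HARDENED_HEADERS = {"Server": "Apache", "Content-Type": "text/html"}
HARDENED_BODY = "<html><body><h1>Index of /</h1>\n</body></html>"

if __name__ == "__main__":
    for name, hdrs, body in (("leaky", LEAKY_HEADERS, LEAKY_BODY),
                             ("hardened", HARDENED_HEADERS, HARDENED_BODY)):
        results = audit_response(hdrs, body)
        print(name, "->", results if results else "nothing disclosed")
```

Feed it the headers and body of a directory index or error page fetched from your own host; an empty result means neither location exposes the details listed above.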
