The Apache web server is one of the most popular web servers available for both Windows and Linux/UNIX. At the moment, it is used to host approximately 40% of websites. It is also often described as one of the most secure web servers. In this article, you can find 10 security tips to harden your Apache configuration and improve Apache security in general.

If the directive in the nf configuration file is enabled, you can see information about the Apache configuration by accessing the /server-info page (for example, ). This could potentially include sensitive information about server settings such as the server version, system paths, database names, library information, and so on. For example, /server-info exposes the Apache version along with the OpenSSL version. In the past, an attacker could use this information to find out whether the server uses a version of OpenSSL that is vulnerable to the Heartbleed bug. You can disable this directive by commenting out the entire mod_info module in the nf Apache configuration file:

#LoadModule info_module modules/mod_info.so

When enabled, the directive lists information about server performance, such as server uptime, server load, current HTTP requests, and client IP addresses. An attacker may use this information to craft an attack against the web server. You can disable this directive by commenting it out in the nf Apache configuration file: #

The ServerSignature directive adds a footer to server-generated documents. This footer includes information about your Apache configuration such as the version of Apache and the operating system. To restrict Apache from displaying this sensitive information, you need to disable this directive in your nf Apache configuration file:

ServerSignature Off

The ServerTokens directive controls the information that is sent back in the Server response header field. You can use different syntaxes in this directive, as listed in the Apache ServerTokens documentation.
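
The four settings discussed above (mod_info, the server-status handler, ServerSignature and ServerTokens) can be checked mechanically. The following Python sketch is an added example, not code from the original article: the `audit` function and the sample configuration are constructed for illustration, and it assumes a single configuration file with no Include directives or line continuations.

```python
# Added example: audit an Apache config for the four disclosure settings.
# Constructed sample input, not taken from any real server.
SAMPLE_CONF = """\
LoadModule info_module modules/mod_info.so
#LoadModule status_module modules/mod_status.so
<Location /server-status>
    SetHandler server-status
</Location>
ServerSignature On
ServerTokens OS
"""

def audit(conf_text):
    """Return (line_no, finding) pairs for active information-leaking settings."""
    findings, tokens_seen = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out lines are inactive
            continue
        parts = line.split()
        # Directive names are case-insensitive in Apache; the first argument
        # is lowercased here only to simplify the comparisons below.
        name = parts[0].lower()
        arg = parts[1].lower().strip('"') if len(parts) > 1 else ""
        if name == "loadmodule" and arg == "info_module":
            findings.append((no, "mod_info is loaded"))
        elif name == "sethandler" and arg in ("server-info", "server-status"):
            findings.append((no, f"{arg} handler is enabled"))
        elif name == "serversignature" and arg != "off":
            findings.append((no, "ServerSignature footer is enabled"))
        elif name == "servertokens":
            tokens_seen = True
            if arg not in ("prod", "productonly"):
                findings.append((no, "ServerTokens discloses version details"))
    if not tokens_seen:
        # Apache's documented default for ServerTokens is Full.
        findings.append((0, "ServerTokens is not set, so the default (Full) applies"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

A finding with line number 0 means the directive is absent from the file rather than set to a weak value.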