httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simon Ashford" <>
Subject RE: [users@httpd] Removing or overwriting "Server" header field.
Date Wed, 24 Jan 2007 17:50:20 GMT


Doesn't seem to work.  Still get "Server: Apache" in the
HTTP headers regardless of SecServerSignature.

Get the impression from various reading that the Server
header is added by Apache pretty much at the very end of
processing, after anything done by other modules.

Probably something the developers ought to adddress. It would
be nice, for example, to be able to put "ServerTokens None"
or some such in the basic configuration file without needing
any other modules loaded...

Simon Ashford.

-----Original Message-----
From: Pierre-Yves Bonnetain []
Sent: 24 January 2007 14:53
Subject: Re: [users@httpd] Removing or overwriting "Server" header


Simon Ashford wrote:
> We recently had a security audit done and one of the
> points noted was that it was possible to identify the
> web server software in use from the "Server" header.
> So I would like to remove or completely overwrite
> this header with something meaningless.

mod_security and SecServerSignature directive.
Pierre-Yves Bonnetain
B&A Consultants - Sécurité informatique -
Tel. : +33 (0) 567 040 403 - Fax : +33 (0) 567 737 829

This e-mail and any attachments may contain confidential and/or
privileged material; it is for the intended addressee(s) only.
If you are not a named addressee, you must not use, retain or
disclose such information.

NPL Management Ltd cannot guarantee that the e-mail or any
attachments are free from viruses.

NPL Management Ltd. Registered in England and Wales. No: 2937881
Registered Office: Serco House, 16 Bartley Wood Business Park,
                   Hook, Hampshire, United Kingdom  RG27 9UY

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message