1. How to hide Apache Version and OS Identity from Errors
When you install Apache from source or with a package installer such as yum, its error pages display the version of the Apache web server together with the operating system name of your server. They also show information about the Apache modules installed on your server.
In the picture above, you can see that Apache is showing its version along with the OS installed on your server. This can be a major security threat to your web server as well as to your Linux box. To stop Apache from displaying this information to the world, we need to make some changes in Apache's main configuration file.
Open the configuration file with the vim editor and search for “ServerSignature”; it is On by default. We need to turn this server signature Off. The second line, “ServerTokens Prod”, tells Apache to return only Apache as the product in the Server response header on every page request. It suppresses the OS, major and minor version info.
# tested with: Linux dwaves.de 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u1 i686 GNU/Linux
# greyed stuff: not tested
# find your apache2.conf (in case they moved it again "OOOPS I MOVED IT AGAIN...")
locate apache2.conf
# if locate is not up to date/not in use
find / -name apache2.conf
# everything below /etc is the global config and should be the one you want ;)
vim /etc/apache2/apache2.conf # (Debian/Ubuntu)
# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# add those two lines at the end of the file
ServerSignature Off
ServerTokens Prod
# restart apache2
service apache2 restart # (Debian/Ubuntu)
service httpd restart # (RHEL/CentOS/Fedora)
2. Disable Directory Listing
By default, Apache lists all the content of the document root directory in the absence of an index file. Please see the image below.
We can turn off directory listing by using the Options directive in the configuration file for a specific directory. To do that, we need to add an entry to the httpd.conf or apache2.conf file.
<Directory /var/www/html>
    Options -Indexes
</Directory>
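To confirm that a configuration file actually carries the settings from sections 1 and 2, the following check can be run against it. It is an added example, not part of the original article: the function names and both sample configs are constructed for illustration, and the check reads a single file without following Include/IncludeOptional.

```shell
#!/bin/sh
# Added example. audit_apache_conf is a hypothetical helper: it reads ONE
# config (file argument or stdin) and does not follow Include directives.
audit_apache_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    { d = tolower($1) }                            # directive names are case-insensitive
    d == "serversignature" { sig = tolower($2) }   # last occurrence wins
    d == "servertokens"    { tok = tolower($2) }
    d == "<directory"      { dir = $2; sub(/>$/, "", dir) }
    d == "</directory>"    { dir = "" }
    d == "options" {
        for (i = 2; i <= NF; i++) {
            o = tolower($i)
            # Indexes, +Indexes and All each turn directory listing on
            if (o == "indexes" || o == "+indexes" || o == "all") {
                printf "FAIL Options %s enables listing in %s\n", $i, (dir == "" ? "server scope" : dir)
                bad++
            }
        }
    }
    END {
        if (sig != "off") { print "FAIL ServerSignature is " (sig == "" ? "not set" : sig); bad++ }
        if (tok != "prod" && tok != "productonly") { print "FAIL ServerTokens is " (tok == "" ? "not set" : tok); bad++ }
        if (!bad) print "OK ServerSignature Off, ServerTokens Prod, no Options enabling Indexes"
        exit (bad > 0)
    }' "$@"
}

# Constructed sample: a config that still leaks version info and lists directories.
weak_conf() {
cat <<'EOF'
ServerSignature On
ServerTokens OS
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
EOF
}

# Constructed sample: the settings recommended in sections 1 and 2.
hardened_conf() {
cat <<'EOF'
ServerSignature Off
ServerTokens Prod
<Directory /var/www/html>
    Options -Indexes
</Directory>
EOF
}

weak_conf | audit_apache_conf || true   # prints three FAIL lines
```

On a real server, pass the file path instead, for example `audit_apache_conf /etc/apache2/apache2.conf`; the exit status is non-zero when any check fails.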