Atlantic.Net Blog

How to Disable Apache Server Signature on CentOS 8

Hitesh Jethva
by Atlantic.Net (228 posts) under Dedicated Server Hosting, Tutorials
0 Comments

If you are using an Apache webserver to host your application in the production environment, then it is recommended to disable the Apache server signature to hide the Apache version number. Attackers can use Nmap or another tool to find the Apache version number before performing an attack. After detecting the Apache version number, attackers find the vulnerability of a specific Apache version and perform the attack.

In this post, we will show you how to disable the Apache server signature on CentOS 8.

Prerequisites

  • A fresh CentOS 8 server on the Atlantic.Net Cloud Platform
  • A root password configured on your server

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing CentOS 8 as the operating system with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your CentOS 8 server, run the following command to update your base system with the latest available packages.

dnf update -y

Step 2 – Install Apache Server

Before starting, the Apache webserver must be installed on your server. If not installed, you can install it with the following command:

dnf install httpd -y

Once installed, start the Apache service and enable it to start at system reboot:

systemctl start httpd
systemctl enable httpd

Step 3 – Verify Apache Server Signature

Next, you will need to check whether the Apache signature is on or off. You can check it by running the following command:

curl --head http://localhost

You should see the following output:

HTTP/1.1 403 Forbidden
Date: Wed, 24 Mar 2021 12:24:45 GMT
Server: Apache/2.4.37 (centos)
Content-Location: index.html.zh-CN
Vary: negotiate,accept-language
TCN: choice
Last-Modified: Fri, 14 Jun 2019 03:37:43 GMT
ETag: "fa6-58b405e7d6fc0;5be475f323d62"
Accept-Ranges: bytes
Content-Length: 4006
Content-Type: text/html; charset=UTF-8
Content-Language: zh-cn

The above output shows the Apache version number that means the Apache signature is enabled in your system.

Step 4 – Disable Apache Signature

You can disable the Apache signature by editing the Apache main configuration file:

nano /etc/httpd/conf/httpd.conf

Add the following line at the end of the file:

ServerTokens Prod

Save and close the file when you are finished. Then, restart the Apache service to apply the changes:

systemctl restart httpd

Step 5 – Verify the Apache Signature

At this point, the Apache signature is disabled on your system. Next, you will need to verify whether the Apache signature is disabled or not.

To check it, run the following command:

curl --head http://localhost

You should see the following output:

HTTP/1.1 403 Forbidden
Date: Wed, 24 Mar 2021 12:26:25 GMT
Server: Apache
Content-Location: index.html.zh-CN
Vary: negotiate,accept-language
TCN: choice
Last-Modified: Fri, 14 Jun 2019 03:37:43 GMT
ETag: "fa6-58b405e7d6fc0;5be475f323d62"
Accept-Ranges: bytes
Content-Length: 4006
Content-Type: text/html; charset=UTF-8
Content-Language: zh-cn

The above output does not show the Apache version, which means the Apache signature is disabled in your system.

Conclusion

In the above guide, you learned how to disabled the Apache signature on CentOS 8. Ideally, this will increase your Apache web server security; try it today on your dedicated server from Atlantic.Net.

Get A Free To Use Cloud VPS

Free Tier Includes:
G3.2GB Cloud VPS Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


Looking for a Hosting Solution?

We Provide Cloud, Dedicated, & Colocation.

  • Seven Global Data Center Locations.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now! Med Tech Award FTC
SOC Audit HIPAA Audit HITECH Audit

Recent Posts

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G3.2GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Resources