Sanaullah Sajid Mukhtiar

how to turn off server signature on apache web server linux

Qurestion: Whenever Apache2 web server returns error pages (e.g., 404 not found, 403 access forbidden pages), it shows web server signature (e.g., Apache version number and operating system info) at the bottom of the pages.
Also, when Apache2 web server serves any PHP pages, it reveals PHP version info. How can I turn off these web server signatures in Apache2 web server?


Disabling Apache web server signature can be achieved by editing Apache config file.

 Ubuntu,On Debian or Linux Mint:   Use code in terminal.

$ sudo vi /etc/apache2/apache2.conf

On CentOS, Fedora, RHEL or Arch Linux:

$ sudo vi /etc/httpd/conf/httpd.conf

Add the following two lines at the end of Apache config file.

ServerSignature Off
ServerTokens Prod

Then restart web server to activate the change:

$ sudo service httpd restart (CentOS/RHEL 6)

$ sudo service apache2 restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart httpd.service (Fedora, CentOS/RHEL 7, Arch Linux)

The first line 'ServerSignature Off' makes Apache2 web server hide Apache version info on any error pages.