When accessing a website, some server programs transmit additional information, such as the server version used, the operating system used, or plug-ins used.
Attackers could use this information to exploit vulnerabilities of the software used. You can make it harder for attackers by hiding any sensitive information.
Hiding Apache Server Version
There are settings for the frequently used Apache web server that prevent sensitive information being released.
Open your Apache web server configurations and apply the following settings:
Some Apache web servers are configured to deliver a detailed status report as a website. In this case, proceed as follows:
- Check if your web server offers a status report.
To do this, enter your domain in your browser followed by /server-info (e.g. http://example.com/server-info)
If a page with technical information about your web server appears, your web server is vulnerable.
- Look for the following block in your web server configuration:
- Adjust the configuration so that the page is not publicly accessible:
Deny from all
- Restart the Apache web server to load the customised configuration.
Please refer to the official Apache-Documentation for further information.