Hide Apache Server Signature Completely
By default, if you install the Apache web service, it comes with many modules and services that provide critial server informations to the outside world. Also, critical server information that an attacker exploits, e.g. looking for an exploit of an older Apache version on the Internet. Reconnaissance attacks are very popular for such an event. Learn more about Reconnaissance attacks.
The following code snippet completely removes the ServerSignature. Put this in the /etc/apache2/apache2.conf file. Also, make sure that this module is installed before using the code.
After that there is not even any more in the header, which web server is concerned, e.g. Nginx, Apache, Tomcat etc.
To remove the Server Signature type this
To remove the webserver completely in the Server Header type this
SecServerSignature " "
without our code:
with our code:
Finally, restart Apache with
service apache2 restart.
If you want to check this, visit this.