ServerSignature Off
This directive is used to control whether the server includes a server signature in its response headers. The server signature typically includes information about the server software version. When ServerSignature is set to Off, the server will not include this information in its responses. This is a security measure to minimize the amount of information exposed to potential attackers.
ServerTokens Prod
This directive controls the information included in the “Server” response header. When set to Prod (short for “Production”), the server will only report that it is an “Apache” server, without specifying the version number. This is another security measure to limit the exposure of detailed server information.
By using these directives in your Apache configuration, you are taking steps to enhance the security of your server by reducing the amount of information disclosed in the response headers. This is generally considered a good practice to minimize the potential attack surface and make it more challenging for attackers to gather information about your server environment.
Find the Apache configuration file called httpd.conf, then paste the two lines below into it if they are not already in the file. If they are there but commented out with #, just remove the #.
ServerSignature Off
ServerTokens Prod
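
To confirm the edit is actually in effect in the file, the following added example (not part of the original page) audits a config file for both directives, ignoring commented-out lines and letting a later line override an earlier one. It assumes a single flat file: Include'd files and per-virtual-host overrides are not followed, and the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache config for the two banner-hiding directives.
# Assumption: one flat file; Include'd files and per-vhost overrides are ignored.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
# Directive names are matched case-insensitively, as Apache does.
effective_value() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        /^[ \t]*#/ { next }                         # commented out: not in effect
        tolower($1) == tolower(want) { val = $2 }   # later lines override earlier
        END { print val }
    ' "$1"
}

# Return 0 only if both directives are active with the values the page recommends.
# Explicit settings are required so the result does not rely on built-in defaults.
banner_hardened() {
    sig=$(effective_value "$1" ServerSignature)
    tok=$(effective_value "$1" ServerTokens)
    status=0
    case "$(printf %s "$sig" | tr 'A-Z' 'a-z')" in
        off) ;;
        *) echo "ServerSignature is '${sig:-unset}', expected Off"; status=1 ;;
    esac
    case "$(printf %s "$tok" | tr 'A-Z' 'a-z')" in
        prod|productonly) ;;
        *) echo "ServerTokens is '${tok:-unset}', expected Prod"; status=1 ;;
    esac
    return $status
}

# Constructed sample: the Prod line is still commented out and a weaker one is active.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#ServerSignature Off
ServerSignature On
#ServerTokens Prod
servertokens OS
ServerSignature Off
EOF
banner_hardened "$sample" || echo "config still exposes server details"
```

Point `banner_hardened` at the real httpd.conf after editing it, then reload Apache so the change is picked up.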