Disable Web Server Signatures in FreeBSD
Hide server details from potential online threats in a few easy steps.
==========
1. Log in to "root". Regular users must be part of the "wheel" group in order to do this.
user@host: $ su -
2. Open the Apache main configuration file.
root@host: # ee /usr/local/etc/apache24/httpd.conf
3. Find and uncomment the following Apache directive.
# BEGIN CODE
# ...
Include etc/apache24/extra/httpd-default.conf
# Default config for the Apache web server.
# ...
# END CODE
4. Open the Apache default settings configuration file.
root@host: # ee /usr/local/etc/apache24/extra/httpd-default.conf
5. Find and modify the following Apache directives.
# BEGIN CODE
# ...
# ...
ServerTokens Prod
# "Prod" reduces Apache info sent by the server in its HTTP response header.
# "Prod" reduces Apache info sent by the server in its HTTP response header.
# ...
ServerSignature Off
# "Off" removes info on server, host, and port from error pages and other auto-generated docs.
# "Off" removes info on server, host, and port from error pages and other auto-generated docs.
# ...
# END CODE
6. Open the PHP configuration file.
root@host: # ee /usr/local/etc/php.ini
7. Find and modify the following PHP config.
; BEGIN CODE
; ...
; ...
expose_php = Off
; "Off" removes the PHP signature sent by the server in its HTTP response header.
; More info at https://php.net/expose-php
; "Off" removes the PHP signature sent by the server in its HTTP response header.
; More info at https://php.net/expose-php
; ...
; END CODE
; END CODE
8. Restart the server.
root@host: # service apache24 restart
9. Log out from "root".
root@host: # exit
==========
For Debian-based Linux distributions, the process is similar but some file paths and commands are different as shown here.
==========
Comments
Post a Comment