Cannot file ServerSignature Off ServerTokens Prod

[momaydopod]

I must to do this URL http://www.tecmint.com/apache-security-tips/

For set security but when I:
# vi /usr/local/etc/apache22/httpd.conf

When I search /ServerSignature and /ServerTokens Prod system show "pattern not found".

 

[gkontos]

It is in: /usr/local/etc/apache22/extra/httpd-default.conf

 

[SirDice]

It is in: /usr/local/etc/apache22/extra/httpd-default.conf

Keep in mind this file is not included by default. Look at the bottom of httpd.conf, you'll see several 'extra' configurations (including this one), most are disabled.

 

[momaydopod]

Keep in mind this file is not included by default. Look at the bottom of httpd.conf, you'll see several 'extra' configurations (including this one), most are disabled.

That you mean, in httpd.conf have above syntax such as ServerSignature, ServerTokens Prod right? But this syntax is disabled. If I need to edit and improve security of my webserver. Please advise me.

 

[SirDice]

I suggest reading up on configuring Apache if you want to improve security as it's pretty simple.

At the bottom of httpd.conf enable the include:

# Various default settings
Include etc/apache22/extra/httpd-default.conf

Then edit /usr/local/etc/apache2[24]/extra/httpd-default.conf. There you'll find ServerTokens and ServerSignature.

 

[momaydopod]

OK thank very much, I can do it and modify that file already.

When I telnet to my web.

telnet 172.16.40.100 80
GET / HTTP/1.1
Reply

HTTP/1.1 302 Found
Date: Mon,27 Apr
Server: Apache
X-Powered-By: PHP/5.3.8
Location :  /th

If I don't want to show information of "Server" and "X-Powered-By" . How to edit configure file in apache22?

I know edit file php.ini

expose_php = Off