Replace Apache Servername in HTTP Headers

by InMotion Hosting Contributor

1 Minutes, 42 Seconds to Read

Change the Apache Servername

HTTP header modifications can harden your Linux server and obfuscate sensitive data to make cyber reconnaissance harder for cyber attackers. It is for this reason that many Linux system administrators decide to change Apache servername HTTP header information. HTTP responses from your Apache server will include the following by default:

HTTP/1.1 200 OK
Date: Mon, 10 Sep 2021 16:01:11 GMT
Server: Apache/2.4.10 (Debian)

There are multiple ways to view a server’s HTTP headers. The easiest methods: SecurityHeaders.com, Observatory.Mozilla.org, or the command-line interface (CLI).

curl --head yourdomain.com
"curl --head" command results
wget --server-response --spider yourdomain.com
"wget --server-response --spider" command results

Read on to learn how to set a custom Apache servername.

Ensure you have root access to your Linux server and ModSecurity (mod_security) Apache module installed.

Change Apache Servername in HTTP Headers

cPanel VPS or dedicated server administrators should follow these steps:

  1. Log into WebHost Manager (WHM) as root.
  2. On the left, select “Apache Configuration.”
  3. Select “Global Configuration.”
  4. Set “Server Signature” to “Off.”
  5. Set “Server Tokens” to “Minimal.”
    WHM server signature and server tokens
  6. Select “Save” at the bottom.
  7. Select “Rebuild Configuration and Restart Apache.”
  8. Select “Terminal” on the left.
  9. Edit your ModSecurity user configuration file:
    nano /etc/apache2/conf.d/modsec/modsec2.user.conf
  10. It’s okay if the file is blank. Add the following lines, changing the custom server signature to your preference:
    ServerTokens OS

    SecServerSignature "CustomSecretiveName"
  11. Rebuild HTTPD:
    /scripts/rebuildhttpdconf
  12. Restart Apache:
    /scripts/restartsrv_httpd
  13. Check your Apache servername.
    curl --head localhost

    Updated Server results

The steps below are for non-cPanel servers.

  1. Log into SSH as root.
  2. Edit your Apache configuration file.
    CentOS:
    nano /etc/httpd/conf/httpd.conf
    Debian / Ubuntu:
    nano /etc/apache2/conf-enabled/security.conf
  3. Add or change the following lines as follows. For example, if ServerTokens OS is present, change “OS” to “Full.”
    SecRuleEngine on

    ServerTokens Full

    SecServerSignature "CustomSecretiveName"
  4. You can remove, or disable (#), the “ServerSignature” line if enabled.
  5. Save your changes.
  6. Restart Apache.
    CentOS:
    systemctl restart httpd
    Debian / Ubuntu:
    systemctl restart apache2
  7. Check your Apache servername.
    Updated Server results

Are you in the middle of a cybersecurity audit? Just looking for ways to better protect your digital assets? Learn more about server hardening with our Linux VPS security eBook.

If you don’t need cPanel, don't pay for it. Only pay for what you need with our scalable Cloud VPS Hosting.

check markCentOS, Debian, or Ubuntu check markNo Bloatware check markSSH and Root Access

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting
Related Articles
How to Add mod_expires to your .htaccess
View request type, URL, and response codes from Apache access log
How to Install the ModSecurity Apache Module
View level of traffic with Apache access log
How to Hide Your Apache Version and Linux OS From HTTP Headers
How to Enable HTTP/2 in Apache
Replace Apache Servername in HTTP Headers
Apache Codes
How to Add Apache Modules
How to Install Apache on CentOS 7

Was this article helpful? Join the conversation!

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.