Apache隐藏版本号及其它敏感信息

摘要: 安装完apache一般第一时间都是关闭apache的版本信息和其他信息，一些黑客会通过apache暴露出来的信息针对性的入侵，为了服务器的安全这些信息一定要及时关闭



默认显示



修改后显示

1. 隐藏Apache信息

1.1 主配置中启用httpd-default.conf
文件： conf/httpd.Conf
找到httpd-default.conf，删除前面的注释“#”，改成如下

Include conf/extra/httpd-default.conf

1.2 修改httpd-default.conf
文件：conf/extra/httpd-default.conf
找到

ServerTokens Full

改成

ServerTokens Prod

找到

ServerSignature On

改成

ServerSignature off

完成

最终如下（文件：conf/extra/httpd-default.conf）

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off

说明：
1、ServerSignature出现在Apache所产生的像404页面、目录列表等页面的底部。
2、ServerTokens目录被用来判断Apache会在Server HTTP响应包的头部填充什么信息。
如果把ServerTokens设为Prod，那么HTTP响应包头就会被设置成：Server：Apache