Modify Apache ServerTokens to your Custom Value Using Mod_Security Module

I can view any server software any site is using. Cool ye? Why not be unpredictable! I like being unpredictable 😉 View your current or any site’s server software by visiting here

In normal case, Apache ServerTokens cannot be modified but with Mod_Security it can be 🙂 I will show steps below:

In this post I assume you have installed Apache and running Ubuntu 14.04

  • Let’s install mod_security module into apache
    $ sudo apt-get update
    $ sudo apt-get install libapache2-modsecurity
  • Done with installation, now let’s create the .conf file for Apache to include it in it’s configuration files
    cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

    Reload Apache

    $ sudo service apache2 reload

    then let’s check if the module is installed and ready by checking our log files

    ls /var/log/apache2

    if you find modsec_audit.log then you are good to go 🙂

  • Time to change the ServerToken, we are only changing ServerToken here so am not going into details to Mod_Security Module 🙂 . Now I wouldn’t want to tamper your Apache existing conf files, lets create a separate one to do this stuff
    $ sudo nano /etc/apache2/sites-enabled/my-conf.conf

    then paste in these

    SecServerSignature Don_Jajo
    ServerTokens Full

    change Don_Jajo to your custom ServerToken and Reload Apache again.

  • And we are done! 🙂 Test it by clicking here and inputting your site name then view name of the Server Software or get this Firefox AddOn and stay with it 🙂