Modify Apache ServerTokens to your Custom Value Using Mod_Security Module
I can view any server software any site is using. Cool ye? Why not be unpredictable! I like being unpredictable 😉 View your current or any site’s server software by visiting here
In normal case, Apache ServerTokens cannot be modified but with Mod_Security it can be 🙂 I will show steps below:
In this post I assume you have installed Apache and running Ubuntu 14.04
- Let’s install mod_security module into apache
$ sudo apt-get update $ sudo apt-get install libapache2-modsecurity
- Done with installation, now let’s create the .conf file for Apache to include it in it’s configuration files
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Reload Apache
$ sudo service apache2 reload
then let’s check if the module is installed and ready by checking our log files
ls /var/log/apache2
if you find modsec_audit.log then you are good to go 🙂
- Time to change the ServerToken, we are only changing ServerToken here so am not going into details to Mod_Security Module 🙂 . Now I wouldn’t want to tamper your Apache existing conf files, lets create a separate one to do this stuff
$ sudo nano /etc/apache2/sites-enabled/my-conf.conf
then paste in these
SecServerSignature Don_Jajo ServerTokens Full
change Don_Jajo to your custom ServerToken and Reload Apache again.
- And we are done! 🙂 Test it by clicking here and inputting your site name then view name of the Server Software or get this Firefox AddOn and stay with it 🙂
James John
Software Engineer
