@brunoleles
Last active March 24, 2022 23:22
Modify Apache2 Server Header (Ubuntu)

Modify Apache 2 Server Header

Check whether mod_security2 is installed

$> ls -lah /etc/apache2/mods-available/ | egrep "security"
-rw-r--r-- 1 root root  551 Mar 24 22:43 security2.conf
-rw-r--r-- 1 root root   91 Sep 28  2017 security2.load

Install it if it is not installed

$> sudo apt update
$> sudo apt install libapache2-modsecurity

Enable conf_security and mod_security2

$> sudo a2enconf security
$> sudo a2enmod security2

Edit the security conf

$> sudo nano /etc/apache2/conf-enabled/security.conf

Uncomment the ServerTokens directive, or set it, so that its value is "Full"

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
#ServerTokens OS
ServerTokens Full

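Changing the server header doesn't work if ServerTokens is "Prod". ModSecurity overwrites Apache's existing signature string in place, so that string has to be long enough to hold the replacement.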

Explanation: https://mod-security-users.narkive.com/LppmHRtr/secserversignature-is-not-working#post4

Edit /etc/apache2/mods-enabled/security2.conf

$> sudo nano /etc/apache2/mods-enabled/security2.conf

Add these lines inside <IfModule security2_module> (preferably at the bottom)

    SecRuleEngine on

    ServerTokens Full

    SecServerSignature "Anything_Yout_hearts_Desire"
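
An added example (not part of the original gist): a small shell lint that reads the two edited files in the order a stock Ubuntu apache2.conf includes them and reports whether the effective ServerTokens value still lets SecServerSignature take effect. The function names, verdict strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): lint Apache config text for the
# ServerTokens / SecServerSignature pairing. Names and samples are constructed.

# Print the value of the last uncommented occurrence of directive $1
# in the files that follow, read in the order given (later files win).
last_directive() {
    d=$1; shift
    awk -v d="$d" '
        { sub(/^[ \t]+/, "") }                  # drop indentation
        /^#/ || NF < 2 { next }                 # skip comments, bare words
        tolower($1) == tolower(d) {
            $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); v = $0
        }
        END { print v }' "$@"
}

# Echo a verdict: "ok", "no-signature", or "blocked:<ServerTokens value>".
check_signature_config() {
    sig=$(last_directive SecServerSignature "$@")
    tokens=$(last_directive ServerTokens "$@")
    [ -n "$sig" ] || { echo "no-signature"; return 0; }
    case "$tokens" in
        ""|[Ff][Uu][Ll][Ll]) echo "ok" ;;       # unset means the default, Full
        *) echo "blocked:$tokens" ;;
    esac
}

# Constructed sample files mirroring the two files edited on this page.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/security2.conf" <<'EOF'
<IfModule security2_module>
    SecRuleEngine on
    ServerTokens Full
    SecServerSignature "Example_Header"
</IfModule>
EOF
printf '%s\n' '#ServerTokens Minimal' 'ServerTokens Full' > "$tmp/security_full.conf"
printf '%s\n' 'ServerTokens Full' 'ServerTokens Prod' > "$tmp/security_prod.conf"

# mods-enabled is included before conf-enabled, so security.conf goes last.
check_signature_config "$tmp/security2.conf" "$tmp/security_full.conf"   # ok
check_signature_config "$tmp/security2.conf" "$tmp/security_prod.conf"   # blocked:Prod
```

On a real host, pass /etc/apache2/mods-enabled/security2.conf followed by /etc/apache2/conf-enabled/security.conf. After restarting Apache, `curl -sI http://localhost/` shows the Server header actually sent.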