ServerSignature is HTTP header information that is sent by the web server. This information includes the server version, the operating system and the modules installed on the server, and hackers might exploit it to find vulnerabilities. Here is how ServerSignature can be disabled:
How to see whether ServerSignature is on or off
If you access a page (URL) on your server that does not exist, you should get a “Not Found” page. If you get a message on the page similar to "Apache Server at yourdomain.com Port 80", it means that ServerSignature is on and you need to disable it (see picture below).
![ServerSignature is on](/dat/news/2997.jpg)
Disable ServerSignature
Before starting, try to open a URL on the server that you know does not exist.
1. Log in to SSH as root.
2. Find the conf file. On an Ubuntu server it should be located here: /etc/apache2/apache2.conf.
Run command: sudo vi /etc/apache2/apache2.conf
3. Add the following to the file:
ServerSignature Off
ServerTokens Prod
4. Now you need to restart Apache: sudo service apache2 restart
This is all you need to do.
Confirm ServerSignature is turned off
Accessing a page that does not exist will no longer return "Apache Server at yourdomain.com Port 80". See the before and after samples below.
![Server Signature is off](/dat/news/2998.jpg)
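The same confirmation can be done from the command line. The function below is an added example, not part of the original article: it reads a raw HTTP response and reports the Server header (controlled by ServerTokens) and the error-page footer (controlled by ServerSignature) separately. The function name, the sample responses and the version string in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a raw HTTP response (headers + body) read from stdin.
# Live use (host and path are placeholders):
#   curl -si http://yourdomain.com/no-such-page | check_response
check_response() {
    resp=$(tr -d '\r')   # drop CRs so header lines match cleanly
    # ServerTokens controls the Server response header. "Prod" leaves only the
    # product name; a "/" (version) or "(" (OS) means more is being exposed.
    server=$(printf '%s\n' "$resp" | sed -n '/^$/q; s/^[Ss]erver:[[:space:]]*//p' | head -n 1)
    case $server in
        */*|*"("*) result="tokens-verbose" ;;
        *)         result="tokens-ok" ;;
    esac
    # ServerSignature controls the <address> footer that Apache appends to
    # pages it generates itself, such as the 404 error document.
    if printf '%s\n' "$resp" | grep -Eq '<address>.* Server at .* Port [0-9]+</address>'; then
        result="$result signature-on"
    else
        result="$result signature-off"
    fi
    printf '%s\n' "$result"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE='HTTP/1.1 404 Not Found
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html

<h1>Not Found</h1>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at yourdomain.com Port 80</address>'
SAMPLE_AFTER='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html

<h1>Not Found</h1>'

printf '%s\n' "$SAMPLE_BEFORE" | check_response   # tokens-verbose signature-on
printf '%s\n' "$SAMPLE_AFTER"  | check_response   # tokens-ok signature-off
```

If the check still reports signature-on or tokens-verbose after the restart, a later ServerSignature or ServerTokens line is overriding the one you added, for example in a file that apache2.conf includes.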