Turning off ServerSignature on Ubuntu Server with Plesk

November 12, 2014

ServerSignature is HTTP header information that is sent by the web server. This information includes the server version, the operating system and the modules installed on the server, and hackers might use it to look for vulnerabilities to exploit. Here is how ServerSignature can be disabled:

How to See Whether ServerSignature Is On or Off

 
If you access a page (URL) on your server that does not exist, you should get a “Not Found” page. If you get a message on the page similar to "Apache Server at yourdomain.com Port 80" it means that server signature is on, and you need to disable it. (See Picture Below)
 
[Picture: ServerSignature is on]

Disable ServerSignature

Before starting, try to open a URL on the server that you know does not exist.
1. Log in over SSH as root.
2. Find the configuration file. On an Ubuntu server it should be located here: /etc/apache2/apache2.conf.
Run command: sudo vi /etc/apache2/apache2.conf
3. Add the following to the file:
ServerSignature Off
ServerTokens Prod
4. Now you need to restart Apache: sudo service apache2 restart
 
This is all you need to do.
 

Confirm ServerSignature Is Turned Off

Accessing a page that does not exist will no longer return "Apache Server at yourdomain.com Port 80". See the before and after samples below.
 
[Picture: ServerSignature is off]
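
The manual before/after check can also be scripted. The following is an added example, not part of the original post: a shell function that reads an HTTP response (as printed by curl -si) and reports whether the Server header or the error-page footer still discloses details. The function names, the sample responses and the version string 2.4.7 are constructed for illustration.

```sh
#!/bin/sh
# Reads one HTTP response (headers + body) on stdin.
# Live use: curl -si http://yourdomain.com/no-such-page | check_banner
check_banner() {
    resp=$(tr -d '\r')
    findings=""
    # ServerTokens: a version, OS or module list after the product name
    # in the Server header means ServerTokens is not set to Prod.
    server=$(printf '%s\n' "$resp" | sed -n 's/^[Ss]erver:[[:space:]]*//p' | head -n 1)
    case "$server" in
        */*|*\(*) findings="$findings tokens" ;;
    esac
    # ServerSignature: the footer line on server-generated pages.
    if printf '%s\n' "$resp" | grep -Eq '<address>.*Server at .* Port [0-9]+</address>'; then
        findings="$findings signature"
    fi
    if [ -n "$findings" ]; then
        echo "LEAK:$findings"
        return 1
    fi
    echo "OK"
}

# Constructed sample: 404 response before the change.
sample_before() {
cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Not Found</h1>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at yourdomain.com Port 80</address>
</body></html>
EOF
}

# Constructed sample: same request after ServerSignature Off / ServerTokens Prod.
sample_after() {
cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Not Found</h1>
</body></html>
EOF
}

sample_before | check_banner || true   # prints: LEAK: tokens signature
sample_after  | check_banner || true   # prints: OK
```

The function exits non-zero when either leak is present, so it can run as a post-change check after the Apache restart.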