Hi,
Apache token is one of the options for securing your web server. Let me explain you the options here.
Apache token is generally found in apache main configuration file httpd.conf if it is not present never mind, you can simply add it “eg:ServerTokens Prod”
Syntax for ServerTokens is
ServerTokens Major|Minor|Min|Prod|OS|Full
The five options will differ from each other. I will explain them one by one.
ServerTokens Full
=============
When the above option is set, the server will send the full information to the remote host.
Information sent will be
Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
which is a big security hole and it is not recommended, because hackers can look for the security holes in Apache 2.0.41, PHP4.2.2 and unix operating systems and can easily hack the server.
ServerTokens OS
============
When the above option is set, the server will send the Web server version and the operating system version.
Information sent will be
Server: Apache/2.0.41 (Unix)
This is also an security issue as the remote user will try to hack the server with security holes in the webserver version and operating system.
ServerTokens Min
============
When the above option is set, the server will send the Web server’s full version number like Apache2.0.41
Information sent will be
Server: Apache/2.0.41
This is also an security issue as the remote user will try to hack the server with security holes in Apache2.0.41 versions.
ServerTokens Minor
==============
When the above option is set, the server will send the Web server’s minor version number like Apache version2.0
Information sent will be
Server: Apache/2.0
This is also an security issue as the remote user will try to hack the server with security holes in Apache 2.0 versions.
ServerTokens Major
==============
When the above option is set, the server will send the Web server’s minor version number like Apache version2
Information sent will be
Server: Apache/2
This is also an security issue as the remote user will try to hack the server with security holes in Apache 2 version.
ServerTokens Prod
=============
When the above option is set, the server will send the Web server’s name alone, which is recommended as the hacker will not have a clue of which version of Apache is running in the server and also which operating system is used.
Information sent will be
Server: Apache
I would recommend to use this option to avoid unwanted exploitation of your server information.
Reference: http://www.debianhelp.co.uk
Related Posts
shell script to delete /tmp files linux leaving eacclarator folder
script to notify high server load | linux script for monitoring server
shell script to find linux memory process usage
MySQL root password reset linux
echo 0 proc sys kernel hung_task_timeout_secs disables this message
the ip address of a physical server cannot be used with its parallels power panel port number
There are some interesting closing dates in this article but I don? know if I see all of them heart to heart. There may be some validity however I’ll take hold opinion till I look into it further. Good article , thanks and we want extra! Added to FeedBurner as nicely
It? actually a nice and helpful piece of information. I? glad that you just shared this useful information with us. Please keep us informed like this. Thank you for sharing.
This is the proper blog for anyone who needs to search out out about this topic. You realize a lot its almost arduous to argue with you (not that I truly would want?aHa). You positively put a new spin on a topic thats been written about for years. Nice stuff, just nice!
Spot on with this write-up, I truly suppose this web site needs much more consideration. I?l most likely be once more to learn far more, thanks for that info.
Hello my family member! I want to say that this article is awesome, great written and include approximately all vital infos. I? like to see extra posts like this .
What? Going down i am new to this, I stumbled upon this I have found It absolutely useful and it has helped me out loads. I am hoping to contribute & aid other users like its aided me. Good job.
I? not that much of a online reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your site to come back later. Cheers