Issue: Banner grabbing performed on the web server via port 80 reveals the Apache version
How to fix this issue?
Open the terminal and do the following as root:
Edit the Apache configuration file.
vim /etc/httpd/conf/httpd.conf
In Mac OS X:
vim /etc/apache2/extra/httpd-default.conf
Find the ServerSignature directive.
In the vim editor, press [ESC], type /ServerSignature and press Enter.
This will jump to where the directive is set.
By default, it is set to On. Now, change it to Off.
ServerSignature Off
Find the ServerTokens directive.
In the vim editor, press [ESC], type /ServerTokens and press Enter.
Set this to Prod.
ServerTokens Prod
Save and exit from the editor by pressing [ESC] and typing :wq.
Restart Apache.
service httpd restart
or
/etc/init.d/httpd restart
In Mac OS:
apachectl -k restart
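With these two directives set, the Server response header is reduced to "Apache" and server-generated pages such as error pages no longer carry a version footer, so no one can get your server version using the banner grabbing side of enumeration.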
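To confirm the change took effect, the following added example (not part of the original post) checks a captured HTTP response for the two leaks these directives control. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a captured HTTP response
# for the two leaks that ServerTokens and ServerSignature control.

# Print the value of the Server header from response headers on stdin.
server_banner() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed (0) when the banner is product-only, as ServerTokens Prod sends it.
# A "/", a "(" or any digit means version, OS or module detail is exposed.
banner_is_minimal() {
    case $1 in
        */*|*\(*|*[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed (0) when an error-page body on stdin carries the footer that
# ServerSignature On appends: <address>... Server at HOST Port N</address>
body_has_signature() {
    grep -Eqi '<address>.*Server at .* Port [0-9]+'
}

# Read response headers on stdin, report, and return 1 on a version leak.
check_banner() {
    banner=$(server_banner)
    if [ -z "$banner" ]; then echo "OK: no Server header"; return 0; fi
    if banner_is_minimal "$banner"; then echo "OK: $banner"; return 0; fi
    echo "LEAK: $banner"; return 1
}

# Constructed sample responses (not captured from a real host).
BEFORE_HEADERS='HTTP/1.1 404 Not Found
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Content-Type: text/html'
AFTER_HEADERS='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html'
BEFORE_BODY='<hr><address>Apache/2.4.6 (CentOS) Server at www.example.test Port 80</address>'

printf '%s\n' "$BEFORE_HEADERS" | check_banner || true
printf '%s\n' "$AFTER_HEADERS" | check_banner

# Against your own server: curl -sI http://localhost/ | check_banner
```

Request a page that does not exist and pipe the body to body_has_signature to confirm the error-page footer is gone as well.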