Closed ivomarino closed 7 years ago
% curl -I http://localhost
HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Dec 2016 17:22:44 GMT
X-Varnish: 1583101892
Age: 0
Via: 1.1 varnish
Server: Apache
is still there, to remove it we must install mod_security
like written here https://unix.stackexchange.com/questions/124137/change-apache-httpd-server-http-header but this would have other impacts which must be evaluated.
With the mod_security approach, you can disable all of the module's directives/functions in the modsecurity.conf file, and leverage only the server header ID directive without any additional "baggage."
But yeah, the current setting is enough for now.
@ivomarino need to re-provision?
We don't want to show, per default, Apache version, PHP version and OS Version, this implies:
expose_php = Off
ServerTokens Prod
ServerSignature Off