Recommended VPS Complete list of best VPS hosting providers.

How To Change Apache Server Name To Any Name You Want

This tutorial will guide you how to change Apache default server header name to anything you want so you can trick visitors or just to show off. The word “any” here I mean any name you can use. You can simply change Apache to Nginx, LightTpd, LiteSpeed or even your own name like Sawiyati. The purpose is to trick anyone who wish to peek what kind of web server you are using. For you who even didn’t know yet how to peek someone’s website to find out what kind of web server used, I told you the two easiest ways:

#1 – Using CentralOps

Go visit CentralOps.net, type the domain name or ip address of the website or server you wish to find out what kind of web server it is running on port 80 (http) then tick mark the “Service Scan” option.  Finally hit the Go button.

centralops domain scan

The result, you’ll not only see what kind of Web Server a website is running but also its FTP server and mail transfer protocol (SMTP, POP3 and IMAP):

result

#2 – Using Firefox Addon: Domain Details

If you are using Firefox as your favorite wen browser, you can install additional addon called “Domain Details” which you can download here. This addon displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports. Shows links to check server status and cache when page fails to load.

doamin detail

And if you clicked on the Web Server name, it will display another popup window with all other HTTP header details:

server header

Change Apache Server Header Using ModSecurity

Installing Mod_Security module is good not only to add additional protection for your server but also give you some other advanced options. One of cool stuff is ability to change, hide, or I may say mask original server header. Shortly, we can change Apache name to whatever name you like.

Step 1 – Setup your server with LAMP Stack (CentOS / Ubuntu)

Step 2Install ModSecurity with OWASP SCR module.

Step 3 – Now edit ModSecurity-CRS config file. I use my favorite editor, Nano:

nano /etc/httpd/modsecurity-crs/modsecurity_crs_10_config.conf

Step 4 – Then add this line in the Rule Version (basically anywhere but I prefer to put it there):

SecServerSignature your-own-name

change “your-own-name” with whatever name you like. Example:

change apache server name

Once done save that file. Or if you are also using Nano, hit Control+O then Control+X.

Step 5 – Finally restart your Apache web server service:

service httpd restart

That’s it. Now test it again and it is now showing your defined name instead of Apache.

servermom http server

p.s: You can change Apache server header name to / replace it with other HTTP server name like Nginx, Lighttpd or LiteSpeed just to trick / to fool anyone who want to peek your server header. But however clever attacker can simply test your site with several error-ism method. Apache, Nginx, Lighttpd, and LiteSpeed each has its own unique error message (error: 404, 403, etc.).

Note

In order for this directive to work you must leave/set ServerTokens to Full.

Also the tutorial above done in CentOS server. Other Distro can simply adjust the command and directives.

3 Comments

Add a Comment

Your email address will not be published. Required fields are marked *

Get more stuff like this
in your inbox

Subscribe and get interesting stuff plus faster updates to your email.