Apache's "Server" header

[random1]

Hi All,

 

I have added:

 

ServerTokens ProductOnly
ServerSignature Off

 

to the bottom of my httpd.conf file and it limits the 'Server' header to "Apache".

 

Is there a way that I can set it to my own text?

[corbin]

I'm sure mod_security or mod_headers could do it.

 

 

 

Just wondering, why do you want to change it?

 

 

 

(You could also edit the Apache source code to change it....)

[random1]

I'm trying to hide the fact that I'm using Apache (for security reasons).

 

The website I have is a high security portal for really important data.

 

I want to set it to something else meaningful within my company.

[trq]

Is there a way that I can set it to my own text?

 

Im not sure you can do it without hacking and then recompiling apache.

 

core.c is where the action takes place if your keen.

[corbin]

Not sure why knowing it's Apache would be a security concern....  But I was just asking because I was wondering if you had some weird, illegitimate reason for changing it ;p.

[trq]

I just made a patch that should create this functionality for 2.2.11 if your interested. It compiles fine but I haven't installed to test it.

[corbin]

Just for irony, you could make it say IIS.  MWA HAHAHAHA

[random1]

Thanks all