Changing Apache Server Name To Whatever You Want With mod_security On Debian 6

Want to support HowtoForge? Become a subscriber!
 
Submitted by rayanfarmad (Contact Author) (Forums) on Fri, 2012-02-10 15:58. :: Debian | Web Server | Apache | Security

Changing Apache Server Name To Whatever You Want With mod_security On Debian 6

Autor: Alireza Razavi Farmad
RayanFarmad Linux Professional Services Co. <info[at]rayanfarmad[dot]ir>

With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security, detects, and prevents attacks before they reach web applications. One of the simple and basic tip to secure your server is that give at least information about your OS type, which services you run, what packages is installed, which version of packages your server uses and any other information which can simples the gathering information step for hackers.

In this tutorial I want to focus on how to change the Apache server name to whatever you want, so you can give your own name or sentence to Apache server headers that are sent to whois programs or websites, for example you can type "YTS","GWS" or "Microsoft-IIS/7.0" to misguide the hacker to guess which Linux OS or which version of Apache you are using.

I have installed "Domain Details" extension for my firefox in these examples and also on the internet there are very useful web sites such as domaintools.com or netcraft.com which help us gathering some information from a remote server.

 

How To Get Web Server’s Name

If you install "DomainDetails" extension in Firefox you can see it in the Add-on bar, and it will give the webserver name and IP address of each website you are visiting.

See the images below:

In the above example you can see that this extension can give the hacker simple but useful information about which webserver is installed and also in the last picture we see the version of Apache.

I see many servers that use old versions of Apache2 which had some security vulnerability that must be patched or upgraded on servers, but they don't mention this, so with this simple information hackers will save more time and achieve their goals faster.

 

How Can I Hide Or Change Apache Web Server Details?

With the default Apache2 configuration we just can hide the apache version. It can be done as below:

# su root
# vi /etc/apache2/conf.d/security

ServerTokens Prod

See the result:

But the question is how to change the Apache name like this:

Is it possible to change the Apache name to "Microsoft-IIS/7.0" or "foo.bar.com"? 

1-

2-

3-

The answer is: Yes!

This can be done with the powerfull Mod Security Web application firewall rules. The configuration is very simple.

So let me start:

Note: I assume that you have a running Apache web server.

# apt-get update
# apt-get install libapache-mod-security

Be sure that mod-security module is enabled.

# a2enmod mod-security

You should see a message like this:

Module mod-security already enabled

# vi /etc/apache2/conf.d/security

In about line 27 serach for ServerTokens and change it to:

ServerTokens Full

In about line 39 search for ServerSignature and change it to:

SecServerSignature RayanFarmad_HTTP_Server

Note: you can type whatever you want after SecServerSignature.

Reload the Apache configuration file:

# /etc/init.d/apache2 reload

You are done! I hope this tutorial will be useful for you.

 

Links

1- Mod Security Official website: http://www.modsecurity.org/

2- Debian: http://www.debian.org


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by dynamind (registered user) on Mon, 2013-05-13 14:58.

You can clean up the output of the server header like

Server: YourServerName mod_fcgid/2.3.6 mod_python/3.3.1 Python/2.7.3

setting

   ServerTokens OS

After restarting with apachectl -k graceful you'll find the output looks clear now

   Server: YourServerName

without any module info appended. ; )

best regards

Submitted by Zerogiven (not registered) on Fri, 2013-03-08 00:30.
I would hide the php version too :)

 

vi /etc/php5/apache2/php.ini

expose_php On

to

expose_php Off 

Submitted by Anonymous (not registered) on Sun, 2012-07-22 13:21.

Do you want to check this?

 curl -I my.server.com

Submitted by Anonymous (not registered) on Mon, 2012-07-09 14:21.
eg: Apache that is not installed but extracted to a subdirectory. Normally you would have to edit httpd.conf and then restart the process.