Changing Apache Server Name To Whatever You Want With mod_security On Debian 6

Autor: Alireza Razavi Farmad
RayanFarmad Linux Professional Services Co. <info[at]rayanfarmad[dot]ir>

With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security, detects, and prevents attacks before they reach web applications. One of the simple and basic tip to secure your server is that give at least information about your OS type, which services you run, what packages is installed, which version of packages your server uses and any other information which can simples the gathering information step for hackers.

In this tutorial I want to focus on how to change the Apache server name to whatever you want, so you can give your own name or sentence to Apache server headers that are sent to whois programs or websites, for example you can type "YTS","GWS" or "Microsoft-IIS/7.0" to misguide the hacker to guess which Linux OS or which version of Apache you are using.

I have installed "Domain Details" extension for my firefox in these examples and also on the internet there are very useful web sites such as domaintools.com or netcraft.com which help us gathering some information from a remote server.

How To Get Web Server’s Name

If you install "DomainDetails" extension in Firefox you can see it in the Add-on bar, and it will give the webserver name and IP address of each website you are visiting.

See the images below:

In the above example you can see that this extension can give the hacker simple but useful information about which webserver is installed and also in the last picture we see the version of Apache.

I see many servers that use old versions of Apache2 which had some security vulnerability that must be patched or upgraded on servers, but they don't mention this, so with this simple information hackers will save more time and achieve their goals faster.

How Can I Hide Or Change Apache Web Server Details?

With the default Apache2 configuration we just can hide the apache version. It can be done as below:

# su root
# vi /etc/apache2/conf.d/security

ServerTokens Prod

See the result:

But the question is how to change the Apache name like this:

Is it possible to change the Apache name to "Microsoft-IIS/7.0" or "foo.bar.com"? 

1-

2-

3-

The answer is: Yes!

This can be done with the powerfull Mod Security Web application firewall rules. The configuration is very simple.

So let me start:

Note: I assume that you have a running Apache web server.

# apt-get update
# apt-get install libapache-mod-security

Be sure that mod-security module is enabled.

# a2enmod mod-security

You should see a message like this:

Module mod-security already enabled

# vi /etc/apache2/conf.d/security

In about line 27 serach for ServerTokens and change it to:

ServerTokens Full

In about line 39 search for ServerSignature and change it to:

SecServerSignature RayanFarmad_HTTP_Server

# /etc/init.d/apache2 reload