PCI Scan Apache/2 header

[ssgill]

Hello, our pci scan test result flagged that apache server signature is showing Apache/2
According to the report it should be advertised just as "Apache"

expose php off
my server version is "Apache/2.4.62"

/etc/httpd/conf/extra/httpd-default.conf ( Comments removed )

Timeout 60
ProxyTimeout 1800
ProxyErrorOverride off
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 2
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>

TraceEnable Off
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
<IfModule Litespeed>
CacheRoot /home/lscache/
</IfModule>

Anything that i need in addition to this for getting headers to only show Apache
Thanks

 

[Richard G]

ServerTokens Prod
ServerSignature Off

Those 2 should fix it for you.

However, chances are this file will be overwritten on an apache update. So best is to do it the official way via custom directory.

Customizing Apache | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com