Use mod_headers to hide server info.

You can turn off sensitive information like the Apache version using the ServerTokens and ServerSignature settings in your httpd.conf. I don't think you need to install a whole new module (mod_headers) if this is all you wish to achieve this.

 

It depends on how much of the information you wish to hide. See the Apache documentation for options: http://httpd.apache.org/docs/1.3/mod/core.html#serversignature

We like using the following (near the top of httpd.conf):

Code:

ServerTokens Minimal
ServerSignature Off

Remember to restart Apache for the changes to take effect

 

I am sorry, may advice was wrong. What I explained was how to change the (invisible) header included with every HTTP response. You are looking for something else...

You can change the content of the error pages for an account by logging into its cPanel and using the Error pages function. Alternatively you can edit the relevant files in public_html (in this case 404.shtml) directly.

 

if you have mod_security installed, add this to your modsec.user.conf and set servertokens to full, that way it will display "YourStringHere" instead of the usual apache stuff.

(Obviously change YourStringHere to whatever you want it to show as)

Code:

SecServerSignature "YourStringHere"

 

it shouldnt be showing the perl versions either, should litterally be the string you set.

having looked at my httpd.conf, I dont actually have the servertokens option set at all and only have ServerSignature On

I distinctly remember having to have servertokens set to full for this to work with apache 1.3, obviously the same doesnt apply with 2.2, my servers litterally return only the custom string I added, none of the module names or versions, so you might want to try removing the servertokens setting