Blog
![Masking Your Web Server's Identity](https://blog.pint.com/wp-content/uploads/2007/07/masking-your-web-servers-identity.jpg)
Masking Your Web Server’s Identity
If you’ve never taken a look at the HTTP response headers your web server is sending out, you might be a little surprised at what you find; by default both Apache and IIS give out more information than most people would think.
Here is an example of the default apache header:
Server=Apache/2.2.0 (Unix) mod_ssl/2.2.0 OpenSSL/0.9.7a
Now that may be fine internally but I don’t know if I’m comfortable announcing that information to everyone who stumbles across my web server on the Internet. By adding a couple directives to the Apache config file:
ServerTokens ProductOnly
ServerSignature Off
…then restarting Apache, you get the following now:
Server=Apache
OK, that’s a bit better but if we really want to mask our identity we’ll have to change more than headers. Revealing information leaks out on numerous levels; protection at the application layer is a great start but don’t forget about the lower TCP/IP protocol layer. Ensuring your firewall is blocking the appropriate ports is a critical but it won’t ensure that a hacker won’t be able to determine your OS by your TCP/IP fingerprint. For more information, check out Port 80 Software’s Server Mask.
Related Articles
![](https://blog.pint.com/wp-content/uploads/2023/04/accessibility-banner.jpg)
Accessibility on the Modern Web
There’s been a lot of buzz in the news lately about accessibility, specifically in reference to the dozens of ADA lawsuits that seem to be more and more...
![](https://blog.pint.com/wp-content/uploads/2020/07/visual-regression.png)
Automated Visual Regression Testing
What is automated visual regression testing? The name sounds scary, but in reality, the idea is fairly simple. If you have a user interface (UI),...
![](https://blog.pint.com/wp-content/uploads/2020/04/auto-testing-2.jpg)
Automated Testing Tool Comparisons
Automated testing is rapidly gaining popularity across the web development field, and as expected, the number of automated testing tools is growing rapidly as well....