Apache不提供禁用服务器头,只能做做小处理。
ServerSignature Directive
Description: | Configures the footer on server-generated documents |
---|---|
Syntax: | ServerSignature On|Off|EMail |
Default: | ServerSignature Off |
Context: | server config, virtual host, directory, .htaccess |
Override: | All |
Status: | Core |
Module: | core |
The ServerSignature
directive allows the configuration of a trailing footer line under server-generated documents (error messages, mod_proxy
ftp directory listings, mod_info
output, ...). The reason why you would want to enable such a footer line is that in a chain of proxies, the user often has no possibility to tell which of the chained servers actually produced a returned error message.
The Off
setting, which is the default, suppresses the footer line. The On
setting simply adds a line with the server version number and ServerName
of the serving virtual host, and the EMail
setting additionally creates a "mailto:" reference to the ServerAdmin
of the referenced document.
The details of the server version number presented are controlled by the ServerTokens
directive.
See also
ServerTokens Directive
Description: | Configures the Server HTTP response header |
---|---|
Syntax: | ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full |
Default: | ServerTokens Full |
Context: | server config |
Status: | Core |
Module: | core |
This directive controls whether Server
response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.
ServerTokens Full
(or not specified)
Server sends (e.g.): Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.4
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.4.2
ServerTokens OS
Server sends (e.g.): Server: Apache/2.4.2 (Unix)
This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.
This directive also controls the information presented by the ServerSignature
directive.
Setting ServerTokens
to less than minimal
is not recommended because it makes it more difficult to debug interoperational problems. Also note that disabling the Server: header does nothing at all to make your server more secure. The idea of "security through obscurity" is a myth and leads to a false sense of safety.
See also
Apache官方文档 :core - Apache HTTP Server Version 2.4
参考文档:如何在自己服务器关闭网站,如何在Apache网站服务器上关闭服务器签名_心理咨询师清晨的博客-CSDN博客