By default, Nginx and Apache versions are displayed when you query HTTP headers. Website security is very important for any system or website administrator. For security reasons, it is recommended to hide the Nginx and Apache versions to make it harder for attackers to know what vulnerabilities can be exploited on your server.

In this post, we will show you how to hide Apache and Nginx versions on Oracle Linux 8.

Step 1 – Verify Apache and Nginx Header Details

By default, Apache and Nginx will show the version on error pages and in the response header. You can check it using the CURL command:

curl --head http://localhost

You should see the Apache version information in the following output:

HTTP/1.1 200 OK
Date: Thu, 11 Aug 2022 10:41:33 GMT
Server: Apache/2.4.37 (Oracle Linux)
Last-Modified: Thu, 11 Aug 2022 09:01:12 GMT
ETag: "1600b-5e5f368464e7a"
Accept-Ranges: bytes
Content-Length: 90123
Content-Type: text/html; charset=UTF-8

To check the Nginx version information, run the following command:

curl --head http://localhost

You should see the Nginx version details in the following output:

HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Thu, 11 Aug 2022 10:44:36 GMT
Content-Type: text/html
Content-Length: 3949
Last-Modified: Thu, 19 Sep 2019 18:38:36 GMT
Connection: keep-alive
ETag: "5d83cb2c-f6d"
Accept-Ranges: bytes

Step 2 – Hide Apache Version

To hide the Apache version, you will need to edit the Apache configuration file and add the line “ServerTokens Prod”:

nano /etc/httpd/conf/httpd.conf

Add the following line at the end of the file:

ServerTokens Prod

Save and close the file, then restart the Apache service to apply the changes:

systemctl restart httpd

Next, check the Apache header using the following command:

curl --head http://localhost

You should see that there is no version shown:

HTTP/1.1 200 OK
Date: Thu, 11 Aug 2022 10:42:25 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2022 09:01:12 GMT
ETag: "1600b-5e5f368464e7a"
Accept-Ranges: bytes
Content-Length: 90123
Content-Type: text/html; charset=UTF-8

Step 3 – Hide Nginx Version

To hide the Nginx version, you will need to edit the Nginx configuration file and add the line “server_tokens off”:

nano /etc/nginx/nginx.conf

Add the following line after http {:

server_tokens off;

Save and close the file, then restart the Nginx service to apply the changes:

systemctl restart nginx

Next, check the Nginx header using the following command:

curl --head http://localhost

You should see that there is no version shown:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 Aug 2022 10:48:21 GMT
Content-Type: text/html
Content-Length: 3949
Last-Modified: Thu, 19 Sep 2019 18:38:36 GMT
Connection: keep-alive
ETag: "5d83cb2c-f6d"
Accept-Ranges: bytes

Conclusion

In this tutorial, we explained how to hide the Apache and Nginx version on Oracle Linux 8. Hiding the Apache and Nginx version is one of the methods to protect your web server. You can now easily hide your Apache and Nginx versions in the production environment. Try it on dedicated hosting from Atlantic.Net!