Six Basic Options You Will Need To Configure Apache Server Tokens

In this post, you will learn about the six basic options you will need to configure Apache Server Tokens. These options are quite different from each other, and the security of the server depends on which one you set.

The ServerTokens directive is generally found in the main Apache configuration file, “httpd.conf”. If it is not there, never mind, you can simply add it. Example: ServerTokens Prod

The syntax for ServerTokens is:

ServerTokens Major|Minor|Min|Prod|OS|Full

Each of the six options makes the server send a different Server header. This article explains each one in detail, along with our recommendation on which to use.

ServerTokens Full

When the above option is set, the server will send the full information to the remote host. Information sent will be:

Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

This is a big security hole and is not recommended, because hackers can look for the security holes in Apache 2.0.41, PHP 4.2.2 and Unix operating systems and can easily hack the server.

ServerTokens OS

When the above option is set, the server will send the Web server version and the operating system version. Information sent will be:

Server: Apache/2.0.41 (Unix)

This is also a security issue, as a remote user can try to hack the server through security holes in that web server version and operating system.

ServerTokens Min

When the above option is set, the server will send the Web server’s full version number, like Apache 2.0.41. Information sent will be “Server: Apache/2.0.41”. This is also a security issue, as a remote user can try to hack the server through security holes in Apache 2.0.41.

ServerTokens Minor

When the above option is set, the server will send the Web server’s minor version number, like Apache version 2.0. Information sent will be “Server: Apache/2.0”. This is also a security issue, as a remote user can try to hack the server through security holes in Apache 2.0 versions.

ServerTokens Major

When the above option is set, the server will send the Web server’s major version number, like Apache version 2. Information sent will be “Server: Apache/2”. This is also a security issue, as a remote user can try to hack the server through security holes in Apache 2 versions.

ServerTokens Prod

When the above option is set, the server will send the Web server’s name alone. This is recommended, as the hacker will not have a clue which version of Apache is running on the server or which operating system is used. Information sent will be “Server: Apache”. We recommend using this option to avoid unwanted exploitation of your server information.
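To check which level a server is actually exposing, here is an added example that is not part of the original article: `classify_server_header` maps a Server header value to the ServerTokens option that would produce it, using the six header shapes listed above, and `effective_server_tokens` reads the directive from configuration text. The function names, the constructed sample config, and the treatment of repeated directives (the last one read is taken as the one in effect) are assumptions of this example.

```python
import re

# Server header shapes per ServerTokens level, taken from the article's examples.
_HEADER = re.compile(
    r"^Apache(?:/(?P<ver>\d+(?:\.\d+){0,2}))?"  # optional version: 2, 2.0 or 2.0.41
    r"(?: \((?P<os>[^)]+)\))?"                   # optional OS token: (Unix)
    r"(?P<mods>(?: \S+)*)$"                      # optional module tokens: PHP/4.2.2
)
# A ServerTokens line that is not commented out (directive names are case-insensitive).
_DIRECTIVE = re.compile(r"^[ \t]*ServerTokens[ \t]+(\S+)", re.IGNORECASE | re.MULTILINE)


def classify_server_header(value):
    """Return the ServerTokens level implied by a Server header value, or None."""
    m = _HEADER.match(value.strip())
    if not m:
        return None  # not an Apache-style Server header
    ver, os_token, mods = m.group("ver"), m.group("os"), m.group("mods").strip()
    if ver is None:
        # Bare product name is Prod; anything else without a version is unrecognised.
        return "Prod" if not os_token and not mods else None
    if mods:
        return "Full"
    if os_token:
        return "OS"
    # Only a version remains: the number of components decides the level.
    return {1: "Major", 2: "Minor", 3: "Min"}[ver.count(".") + 1]


def effective_server_tokens(conf_text):
    """Return the ServerTokens value set in config text.

    Assumption: when the directive appears more than once, the last one wins.
    When it is absent, Apache's documented default, Full, applies.
    """
    values = _DIRECTIVE.findall(conf_text)
    return values[-1] if values else "Full"


# Constructed sample config for illustration (not from a real server).
SAMPLE_CONF = 'ServerRoot "/etc/httpd"\n# ServerTokens Full\nServerTokens OS\nServerTokens Prod\n'

if __name__ == "__main__":
    print("config sets:", effective_server_tokens(SAMPLE_CONF))
    for header in ("Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2", "Apache/2.0", "Apache"):
        level = classify_server_header(header)
        print(f"{header!r}: {level}", "" if level == "Prod" else "(discloses more than Prod)")
```

Feed `classify_server_header` the Server header from a response of your own server after a restart; anything other than Prod means the running configuration does not match the recommendation above.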

If you feel this is tricky and you can’t take any risk in configuring the Apache server tokens, our Linux experts can assist you in getting this fixed at a pocket-friendly price. All you need to do is to contact us and we’ll take care of the rest.