How to change Apache's 'Server:' header without mod_security? - PhpOut

Exampleperson
January 31, 2021
125 views
0 votes
2 Answers

How to change Apache’s Server: header without mod_security?

I do not want to use mod_security because I don’t have anything else to do with it. And it is a useless overhead for me.

Instead, what should I change in the Apache’s source? I usually use Apache compiled from source.

I am using Apache version 2.4.46.

Tags: apache http-headers

Answers

Chosen as BEST ANSWER
- Exampleperson
- January 31, 2021 at 2:12 pm
- 0 votes
0
To change Apache's Server: header, change the following in the source code:

Change the file /path/to/httpd-2.4.46/include/ap_release.h:

Go to the line like:
```
...
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Apache"
...
```
And change it to anything, like:
```
...
#define AP_SERVER_BASEPROJECT "Apache Something My Server"
#define AP_SERVER_BASEPRODUCT "Apache My Server"
...
```
And then compile apache, and you are good!

Also, make sure to follow the license that is provided with it. Questions about license here are off-topic.

(Edit)

- bostrt
- January 9, 2023 at 6:08 pm
- 0 votes
0
I understand not using mod_security to change a single header so you may want to give https://github.com/bostrt/mod_serverheader#installation a try. It’s under 100 lines of code and runs one hook at startup of Apache HTTPD so very low overhead.

mod_serverheader provides a single directive that lets you completely overwrite the Server header, for example:
```
LoadModule serverheader_module modules/mod_serverheader.so
ServerHeader my-server
```
Then, when someone accesses your website they will see:
```
# curl -I http://example.com/
HTTP/1.1 200 OK
Server: my-server
Content-Length: 8
Content-Type: text/html; charset=iso-8859-1
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.