Hide Apache version information on error pages

About this task

By default, Apache HTTP server discloses the Apache version number in HTTP response headers and Apache error pages. This information can reveal valuable details to an attacker about possible vulnerabilities in the software. If you are using Apache HTTP Server, Guidewire recommends that you customize your installation to not return this information.

Procedure

  1. Open the Apache HTTP server httpd.conf file, located in the conf directory.
  2. Change ServerSignature to Off.
  3. Change ServerTokens to Prod.
  4. Save httpd.conf.
  5. Restart the Apache HTTP Server.