# Cannot file  ServerSignature Off ServerTokens Prod



## momaydopod (Apr 27, 2015)

I must to do this URL http://www.tecmint.com/apache-security-tips/

For set security  but when I:
`# vi /usr/local/etc/apache22/httpd.conf`

When I search _/ServerSignature_ and _/ServerTokens Prod_ system show "pattern not found".


----------



## gkontos (Apr 27, 2015)

It is in: /usr/local/etc/apache22/extra/httpd-default.conf


----------



## SirDice (Apr 28, 2015)

gkontos said:


> It is in: /usr/local/etc/apache22/extra/httpd-default.conf


Keep in mind this file is not included by default. Look at the bottom of httpd.conf, you'll see several 'extra' configurations (including this one), most are disabled.


----------



## momaydopod (Apr 30, 2015)

SirDice said:


> Keep in mind this file is not included by default. Look at the bottom of httpd.conf, you'll see several 'extra' configurations (including this one), most are disabled.



That you mean, in httpd.conf have above syntax such as  ServerSignature, ServerTokens Prod right? But this syntax is disabled. If I need to edit and improve security of my webserver. Please advise me.


----------



## SirDice (Apr 30, 2015)

I suggest reading up on configuring Apache if you want to improve security as it's pretty simple.

At the bottom of httpd.conf enable the include:

```
# Various default settings
Include etc/apache22/extra/httpd-default.conf
```
Then edit /usr/local/etc/apache2[24]/extra/httpd-default.conf. There you'll find ServerTokens and ServerSignature.


----------



## momaydopod (May 10, 2015)

OK thank very much, I can do it and modify that file already.

When I telnet to my web.

`telnet 172.16.40.100 80`
`GET / HTTP/1.1`
Reply

```
HTTP/1.1 302 Found
Date: Mon,27 Apr
Server: Apache
X-Powered-By: PHP/5.3.8
Location :  /th
```

If I don't want to show information of "Server" and "X-Powered-By"  .  How to edit configure file in apache22?

I know edit file php.ini


```
expose_php = Off
```


----------

