The following tutorial will provide you with the steps required to disable server information on folder list pages and any of the error pages. The following screenshot shows what I am talking about.
I will be showing how I did this on Ubuntu Server 14.04.4 LTS.
This information can provide a hacker with the versions of software installed on your server. Depending on your configuration, PHP information is shared as well. Lets go ahead and get this secured.
First we want to open the apache2.conf in our favorite text editor.
sudo nano /etc/apache2/apache2.conf
Next, we will add a few lines to the end of the config.
ServerSignature Off ServerTokens Prod
We will now want to restart Apache.
sudo service apache2 restart
On a folder page or error code page you will see the version information is now gone. Unfortunately PHP still sends version information in the page header. To turn that off we need to edit one more config.
sudo nano /etc/php5/apache2/php.ini
Change the expose_php from “On” to “Off”. You will need to find the line in the php.ini file.
expose_php = Off
We can now save the file and restart Apache.
sudo service apache2 restart
We are done! Version numbers will no longer be view-able.
If you have any questions, please use the comments bellow!