On some host (debian testing), I am running Apache and tried to add ServerSignature Off ServerTokens Prod
to /etc/apache2/apache2.conf in order to silence Apache a bit. http://www.mydigitallife.info/2007/07/22/improve-apache-web-server-security-use-servertokens-and-serversignature-to-disable-header/ Even after issuing /etc/init.d/apache2 restart does it not work. By not work I mean, if I navigate to some page that actually does not exist, Apache still shows the entire "Apache/2.2.11 (Debian) Server at localhost Port 80" message. Can anybody confirm this or enlighten me? I already checked ... no bug filed for this as of now.
pgp46jK02S7bs.pgp
Description: PGP signature