Hey Darragh, Checkout http://httpd.apache.org/docs/1.3/mod/core.html#serversignature for your 1.3 servers, and http://httpd.apache.org/docs/2.0/mod/core.html#serversignature for your 2.0 server.
Also, then check out the ServerTokens directive too. Hope this helps, Scott. Darragh Gammell wrote: > Hi > > Recently we had a a security audit, one of the issues stated was that > our servers report too much information which hackers can use. > > see output from a netcraft site report. > > > > > > OWNER IP OS WebServer > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/2.0.54 > Ubuntu PHP/5.0.5-2ubuntu1 mod_ssl/2.0.54 OpenSSL/0.9.7g > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.34 > Debian PHP/5.1.2 mod_gzip/1.3.26.1a mod_ssl/2.8.25 OpenSSL/0.9.8a > mod_perl/1.29 DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.33 > Debian GNU/Linux PHP/5.0.4 mod_gzip/1.3.26.1a mod_ssl/2.8.22 > OpenSSL/0.9.7d mod_perl/1.29 DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.31 > Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.19 OpenSSL/0.9.7d > mod_perl/1.29 DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.29 > Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c > mod_perl/1.29 DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.29 > Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.16 OpenSSL/0.9.7c > DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.27 > Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b > DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.27 > Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7b > DAV/1.0.3 > OWNER 123.123.123.123 <http://123.123.123.123> Linux Apache/1.3.27 > Unix Debian GNU/Linux mod_gzip/1.3.26.1a mod_ssl/2.8.14 OpenSSL/0.9.7a > DAV/1.0.3 > > > Does anyone know how to configure apache not to give this information > out in its http replies. > > Thanks in advance > > Darragh >