Disguise Apache to prevent Web Server intrusion

I used to write a blog post about how to disguise nginx versions to prevent web Server intrusion. After that, a friend asked me if apache has the same method. The answer is yes. Write this article today to answer this question.

Learn more: disguise Nginx version to prevent Web Server intrusion

Download the apachesource code. I use 2.2.256. decompress the tarxzvfhttpd-2.2.25.tar.gz file.

Vim httpd-2.2.25/include/ap_release.h, modified to the following content

This is a headerfile with the apache version number.

The rest is the compilation and installation, the simplest Parameter

./Configure -- prefix =/usr/local/apache & make install

Modify the configuration file/usr/local/apache/conf/httpd. conf and add the following content:

Start apache

/Usr/local/apache/bin/apachectl start

Access any nonexistent page

We can see that the banner version of the web server is Microsoft's IIS7.0, rather than apache2.2.25.

Not yet, because experienced hackers still see the style of the 404 page, which is obviously not the IIS style. Of course, you can choose to modify/usr/local/apache/conf/httpd again. conf file

In the preceding example, the banner version is completely hidden and not displayed.

Of course, these will make experienced hackers recognize that this is the default 404 page of apache, so do it yourself, the best way is to copy IIS7.0's default 404 html code as the apache server's 404 page.

Then modify the/usr/local/apache/conf/httpd. conf file.

Finally, let's look at the effect and try again.

Haha, it's totally disguised as Microsoft 403. Don't forget to modify the and other pages together.