Web security server

hello guyz
i went to /etc/httpd/conf/httpd.conf file and i have added these at the end
Server Tocken Prod
ServerSignature off
and i restarted httpd by command systemctl restart httpd.service

now how do i check the version is disabled for Q.no1 and what are the next steps for Qno2.
kindly help i am confused
@player001
@swaroopcs88
@Salim

thanks

could you try as per this url and see if it helps?
https://www.tecmint.com/hide-apache-web-server-version-information/

let me know if you still have any questions.

thanks
Swaroop

curl -I http://your-ip:port
and try in web browser as well.

Port is 8080 right and how to check this in web browser? I don’t understand.
@player001

Ya using the same thing I added server tocken prod and server signature off in the end and saved and restarted and when I check https -v I can still see the apache version.
@swaroopcs88

You can see a option right side of terminal. Where you can display the port and redirect to URL.

@player001

Hi Tej,
other than updating the this settings.


am I supposed to update any other things in httpd.conf file.
before updating the httpd.conf apache version and os details were seen in curl results.

after updating:

however, task was failed with this error message.

am I supposed to make any changes with respect to the section b of the question.
Because I didn’t make any changes with respect to that. Please check and advise.
Thanks
Swaroop

@Inderpreet @kodekloud-support3
Please check and advise what was the mistake I did.
Thank you

You have to disable directory listing as well by adding following inputs.
From

<Directory /var/www/html/news >
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

To

<Directory /var/www/html/news >
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
1 Like

Thank you @player001 Tej

1 Like


Hi @swaroopcs88 @player001 after doing the necessary steps when i went to verify using display port it shows me connecting to port 80 as the page is forbidden.
Is this what is expected as end result . Pls advice.

Hi @player001 Tej,

To hide the directory listing, is it good to make the above changes in /etc/httpd/conf/httpd.conf

or create .htaccess in the specific directory and add option

Options -Indexes

Go with /etc/httpd/conf/httpd.conf, if in the question no hint for .htaccess.

hi @akshayyw

i got the same page as you received during testing and my task is success for the same. What about you?

Regards,
Yogendra