During a penetration test you open a TCP connection to a target's web server on port 80 and manually issue a HEAD / HTTP/1.0 request. The reply includes the header line:
From a secure-configuration standpoint, which change in the Apache configuration would best stop disclosing this detailed product and version information to potential attackers?
Reduce the "Timeout" directive to 10 seconds to limit request duration.
Set "ServerTokens Prod" and disable "ServerSignature" in httpd.conf to suppress banner details.
Lower the "MaxRequestWorkers" value to restrict simultaneous client connections.
Add "KeepAlive Off" in apache2.conf to close idle connections immediately.
The Server header is generated by Apache's core module. By default it may reveal the exact version of Apache and compiled-in modules, giving attackers useful reconnaissance data for version-specific exploits. Setting the directive "ServerTokens Prod" limits the header to the single word "Apache", while "ServerSignature Off" removes version strings from automatically generated error pages and directory listings. Together these directives minimize banner information leakage. Tweaking KeepAlive, Timeout, or MaxRequestWorkers improves performance or resource usage but does not affect the contents of the Server response header.
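As an added example (not part of the original question or its explanation), the following Python audit reads Apache configuration text and reports whether the effective ServerTokens and ServerSignature values still leak banner details. The sample configurations and the header string are constructed, the function names are hypothetical, and scoping by containers such as <VirtualHost> is ignored.

```python
import re

# Constructed sample configs (not from the page): one verbose, one hardened.
VERBOSE_CONF = "ServerTokens OS\nServerSignature On\nTimeout 10\nKeepAlive Off\n"
HARDENED_CONF = "# banner hardening\nServerTokens Prod\nServerSignature Off\n"

# Built-in httpd defaults when the directives are absent from the config.
DEFAULTS = {"servertokens": "full", "serversignature": "off"}
# Long spellings that Apache accepts for the same levels.
ALIASES = {"productonly": "prod", "minimal": "min"}


def effective_settings(conf_text):
    """Return the effective values; the last occurrence of a directive wins.

    Directive names and these values are case-insensitive in Apache.
    Simplification (assumption): container scoping is not modelled.
    """
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or directive without a value
        name, value = parts[0].lower(), parts[1].strip('"').lower()
        if name in settings:
            settings[name] = ALIASES.get(value, value)
    return settings


def audit(conf_text):
    """Return a list of findings; an empty list means the banner is minimised."""
    s = effective_settings(conf_text)
    findings = []
    if s["servertokens"] != "prod":
        findings.append(f"ServerTokens is '{s['servertokens']}', expected 'prod'")
    if s["serversignature"] != "off":
        findings.append(f"ServerSignature is '{s['serversignature']}', expected 'off'")
    return findings


def header_leaks_version(server_header):
    """True if a Server header value carries a version number or an OS comment."""
    return bool(re.search(r"/\d|\(", server_header))


if __name__ == "__main__":
    for label, conf in (("verbose", VERBOSE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "ok")
    print(header_leaks_version("Apache/2.4.99 (Unix)"))  # constructed header value
```

A configuration that only changes Timeout or KeepAlive still produces a ServerTokens finding, because the built-in default applies when the directive is absent.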
Certified Ethical Hacker (CEH)
Web Application Hacking