A web server default banner is the identifying information that servers such as Apache and Nginx are configured to show out of the box: their server type, version number, and operating system. Hackers can obtain this information with a simple method. It is sent in the headers of the HTTP response and looks like this:
HTTP/1.1 200 OK
Date: Thu, 12 Jun 2014 14:15:01 GMT
Server: Apache/2.2.21 (Win32) PHP/5.4.7
Content-Length:226
Connection: close
Content-Type: text/html; charset=iso-8859-1
Malicious hackers can use this information to launch targeted attacks on your website. Your webserver should have these banners turned off.
Turn off banners on Apache
Changing the following configuration in the httpd.conf file will turn off the version number:
ServerTokens Prod
or
ServerSignature Off
Turn off banners on Nginx
You can limit the information that Nginx presents by creating/editing the following directive in nginx.conf. Find the http section, which defines configurations for the HttpCoreModule. Uncomment (remove the # symbol) or add the following directive:
server_tokens off;
Turning off the default web banners helps mask the server and version number of your current webserver. This gives malicious hackers less information to work with and keeps you safer.
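To confirm the change took effect, check what the response headers still disclose. The Python sketch below is an added example, not part of the original article: it parses a raw response head and lists the version and platform tokens found in banner headers. The X-Powered-By check and the "after" response are assumptions constructed for illustration.

```python
import re

# Headers that commonly carry software banners (assumed list for this example).
BANNER_HEADERS = ("server", "x-powered-by")
# A parenthesised comment such as (Win32), or a product token with optional /version.
TOKEN_RE = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response head."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    pairs = []
    for line in lines[1:]:          # skip the status line
        if not line.strip():
            break                   # a blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_banner(raw):
    """List what each banner header discloses: versions and platform comments."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in BANNER_HEADERS:
            continue
        for comment, product, version in TOKEN_RE.findall(value):
            if comment:
                findings.append((name, "platform", comment))
            elif version:
                findings.append((name, "version", f"{product}/{version}"))
    return findings

# The response shown in the article, and a constructed one after ServerTokens Prod.
BEFORE = """HTTP/1.1 200 OK
Date: Thu, 12 Jun 2014 14:15:01 GMT
Server: Apache/2.2.21 (Win32) PHP/5.4.7
Content-Length:226
Connection: close
Content-Type: text/html; charset=iso-8859-1
"""
AFTER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_banner(raw) or "no version or platform disclosed")
```

An empty result means the banner headers carry only a bare product name, which is what a hardened configuration should return.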