How to set up mod_security with Apache to hide the server information

Running the latest Apache version is desirable in order to protect your web server. Hiding web server information certainly does not remove vulnerabilities, but it will complicate the attacker's work. To hide the Apache version, you can install the module libapache-mod-security, which will hide the unnecessary details. ModSecurity is a free Web Application Firewall (WAF) that works with Apache, Nginx, and IIS. It has a flexible rule engine for simple and complex operations and comes with a Core Rule Set (CRS), which has rules for SQL injection, cross-site scripting, Trojans, bad user agents, session hijacking and many other exploits.

For Apache, it is an additional module, which makes it easy to install and configure. You can install it by running:

sudo apt-get install libapache2-mod-security2

Run the command below to enable the security2 module:

sudo a2enmod security2

Then edit the configuration: change or add the following lines in the file /etc/apache2/conf-available/security.conf:

ServerTokens Prod
ServerSignature Off
TraceEnable Off

Restart Apache:

service apache2 restart
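
To confirm the change took effect, the following shell functions (an added example, not part of the original article) audit a config file for the three directives above and check a set of response headers for a leaked version. The function names and sample data are constructed for illustration, and the audit assumes the file is the only place these directives are set.

```shell
#!/bin/sh
# Added example: verify the ServerTokens / ServerSignature / TraceEnable settings.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Print the last uncommented value of directive $1 from config text on stdin.
# Directive names are case-insensitive, and when a line was added while an
# older one was left in place, the later line is the one that takes effect.
effective_value() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { print val }'
}

# audit_conf FILE: report every directive whose effective value differs from
# the one recommended above; return 0 only when all three match.
audit_conf() {
    rc=0
    for pair in ServerTokens=Prod ServerSignature=Off TraceEnable=Off; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$name" < "$1")
        if [ "$(lc "$got")" != "$(lc "$want")" ]; then
            echo "WEAK: $name is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# banner_hidden: read HTTP response headers on stdin and succeed only if no
# Server header carries a version or OS detail. With ServerTokens Prod the
# header is just "Server: Apache".
banner_hidden() {
    ! tr -d '\r' | grep -i '^Server:' | grep -Eq '[/0-9(]'
}

# Constructed sample: "ServerTokens Prod" was added at the top, but an old
# "ServerTokens OS" further down still wins, so the audit flags it.
sample_conf() {
    printf '%s\n' 'ServerTokens Prod' '#ServerSignature On' \
        'ServerSignature Off' 'TraceEnable Off' 'ServerTokens OS'
}

# Usage on a live host (localhost is an assumption):
#   audit_conf /etc/apache2/conf-available/security.conf
#   curl -sI http://localhost/ | banner_hidden && echo "banner hidden"
```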
