BestHub
Sign in
Backend Development 2 min read

How to Conceal Server Version Information in Nginx, Apache, and Tomcat

This guide explains step‑by‑step how to modify source files and configuration settings in Nginx, Apache, and Tomcat to replace version strings with custom placeholders, then recompile or repack the binaries, effectively hiding server version details from clients.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
How to Conceal Server Version Information in Nginx, Apache, and Tomcat

Nginx

Edit src/core/nginx.h and replace the values of NGINX_VERSION and NGINX_VER with custom placeholders (e.g., "***"), then recompile Nginx.

#define NGINX_VERSION "1.18.0"      ===> "***"
#define NGINX_VER "nginx/" NGINX_VERSION ===> "***" NGINX_VERSION

Apache

Edit include/ap_release.h and change the definition of AP_SERVER_BASEPRODUCT to a custom string.

#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Apache"  ===> "******"

After recompiling, add the following directives to httpd.conf to suppress version information:

ServerSignature Off
ServerTokens Prod

Tomcat

Extract ServerInfo.properties from catalina.jar using the JDK jar command, edit the file to replace version values, then repack the JAR.

cd tomcat/lib
jar -xf catalina.jar org/apache/catalina/util/ServerInfo.properties

Modify the extracted file manually:

server.info=****
server.number=
server.built=

Re‑add the modified file to the JAR and clean up:

jar -uf catalina.jar org/apache/catalina/util/ServerInfo.properties
rm -rf org/
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

TomcatApachebackend configurationServer SecurityVersion Hiding
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment