Apache Security Hardening: Hiding the Version Number

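After deploying Apache, and before the service goes live, we should tune and test it thoroughly for both security and performance. Hiding the version number is the most basic step: an attacker can scan for the Apache version, look up the vulnerabilities known for that version, and then launch an attack.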

🧭 Symptom

➜  ~ curl -I http://192.168.217.137/
HTTP/1.1 403 Forbidden
Date: Fri, 05 Dec 2025 08:51:04 GMT
Server: Apache/2.4.62 (Rocky Linux)
Last-Modified: Sat, 17 May 2025 02:45:05 GMT
ETag: "1dc4-6354be2d9ae40"
Accept-Ranges: bytes
Content-Length: 7620
Content-Type: text/html; charset=UTF-8

🛠️ Configuration

# Rocky Linux: config change for Apache installed via yum
[root@localhost conf]# vim /etc/httpd/conf/httpd.conf 
...
ServerTokens Prod
ServerSignature Off
...
[root@localhost conf]# systemctl restart httpd

# Debian 13: config change for Apache installed via apt
root@sahre:~# ls /etc/apache2/conf-enabled/security.conf 
...
ServerTokens Prod
ServerSignature Off
...
root@sahre:~#  systemctl reload apache2

🗂️ Verification

➜  ~ curl -I http://192.168.217.137/
HTTP/1.1 403 Forbidden
Date: Fri, 05 Dec 2025 08:54:56 GMT
Server: Apache
Last-Modified: Sat, 17 May 2025 02:45:05 GMT
ETag: "1dc4-6354be2d9ae40"
Accept-Ranges: bytes
Content-Length: 7620
Content-Type: text/html; charset=UTF-8
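
The configuration and verification steps above can be turned into a repeatable audit. The script below is an added example, not part of the original post: the function names are hypothetical, it reads a single config file without following Include directives, and it assumes Apache's defaults (ServerTokens Full, ServerSignature Off) when a directive is absent.

```shell
#!/bin/sh
# Added example: audit one Apache config file for the two directives set above,
# and check a Server response header for leaked version or OS detail.

# Print the last (effective) value of a directive in a single file.
# Commented-out lines are skipped; directive names are case-insensitive.
effective_value() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { print v }' "$2"
}

# Return 0 only if the file yields ServerTokens Prod and ServerSignature Off.
check_config() {  # $1 = config file
    tokens=$(effective_value ServerTokens "$1" | tr 'A-Z' 'a-z')
    sig=$(effective_value ServerSignature "$1" | tr 'A-Z' 'a-z')
    sig=${sig:-off}              # assumption: Apache default is Off when unset
    rc=0
    case "$tokens" in
        prod|productonly) ;;     # the two spellings Apache accepts for Prod
        *) echo "ServerTokens is '${tokens:-unset}', expected Prod"; rc=1 ;;
    esac
    [ "$sig" = "off" ] || { echo "ServerSignature is '$sig', expected Off"; rc=1; }
    return $rc
}

# Return 0 if a Server header carries only a product name:
# no "/version", no "(OS)" comment, no digits.
header_is_minimal() {  # $1 = header line, e.g. "Server: Apache"
    value=$(printf '%s' "$1" | tr -d '\r' | sed 's/^[Ss]erver:[[:space:]]*//')
    case "$value" in
        */*|*"("*|*[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: sh audit.sh /etc/httpd/conf/httpd.conf
if [ "$#" -ge 1 ]; then
    check_config "$1" && echo "OK: $1"
fi
```

To check a live server, pass the header line from the curl output to header_is_minimal, for example the line selected with grep -i '^Server:'.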