Ansgar> These settings are set in /etc/apache2/conf.d/security. Changing it Ansgar> there works here. (If you set them in apache2.conf, I suppose you Ansgar> would have to set them after the include directive for conf.d.) Right ... that stuff lives in /etc/apache2/conf.d/security since Lenny now. I simply did not know -- it was in /etc/apache2/apache2.conf before. Below are my settings which, after restarting Apache, should make Apache a lot less verbose: ,----[ changes applied to a pristine Apache installation ] | wks-ve10:/etc/apache2# grep -v \# conf.d/security | grep . | ServerTokens Prod | ServerSignature Off | TraceEnable Off | wks-ve10:/etc/apache2# grep conf.d apache2.conf | Include /etc/apache2/conf.d/ | wks-ve10:/etc/apache2# dpkg -l apache2-mp* | grep ii | ii apache2-mpm-worker 2.2.11-5 Apache HTTP Server - high speed threaded mod | wks-ve10:/etc/apache2# lsb_release -ric | Distributor ID: Debian | Release: testing | Codename: squeeze | wks-ve10:/etc/apache2# `---- As the box topic implies, I did not do anything else -- I just installed apache2-mpm-worker and then made the changes as it can be seen above and restarted. Now, if I try to visit a site that actually does not exist, I should get the less verbose information because of ServerSignature Off and ServerTokens Prod. Well, I should but nothing changes here. What am I missing? @Ansgar You did exactly the same things I as shown above yes?
Description: PGP signature