# How to Disable Apache Version Number Disclosure on FileWave Server

## What

FileWave Server can expose Apache version details in its HTTP response headers by default. This article shows how to reduce that disclosure so the server reports only `Apache` instead of the full component and version string.

## When/Why

Use this when you want to reduce unnecessary version disclosure on a FileWave Server. Exposing detailed version information can make targeted reconnaissance easier, so tightening the Apache response is a reasonable hardening step.

```
Date: Fri, 14 Jul 2023 00:05:55 GMT
Server: Apache/2.4.57 (Unix) OpenSSL/3.0.9 mod_wsgi/4.9.4 Python/3.10
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Length: 362

```

The example above shows the kind of response header Apache can return before this hardening change is applied. Revealing version numbers can potentially expose the server to targeted attacks, as this information helps attackers focus their efforts.

## How

1. SSH into your FileWave server. If you are unsure how to do this, contact FileWave Technical Support.
2. Open `/usr/local/filewave/apache/conf/httpd_custom.conf` in a text editor, for example:

```
sudo vi /usr/local/filewave/apache/conf/httpd_custom.conf

```

3. Add these lines to the file:

```
ServerTokens Prod
ServerSignature Off

```

4. Save the file.
5. Restart Apache:

```
fwcontrol apache restart

```

After the restart, a new header check should return a shorter `Server` header similar to this:

```
HTTP/1.1 400 Bad Request
Date: Fri, 14 Jul 2023 00:11:38 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Length: 362

```

**Related link:**

- [FileWave Technical Support](https://help.filewave.com)