Change web server identification with Varnish
Follow @ggarronIntroduction
Your Web Server Identification is on the headers of every page server by it, so anyone can know which server and what version you are running, in an ideal world this may in no way harm you, but we know we are not in an ideal world, so publishing it is something like putting an ad in your front door, saying what kind and brand of alarm system you have.
Anyone with the right knowledge will know how to exploit your server's security holes if there is any, probably some you don't even know it is there. So maybe a good thing to do is, to fake that info, or at least hide the version of the server you are running.
What you can do, is publish a different server, so If you are running Apache you can publish Lighthttpd instead.
I'll let you know how to do it using Varnish.
Change your web server identification with Varnish
If you use Varnish in front of your web server, you can change the HTTP headers with it.
Edit the /etc/varnish/default.vcl or the file where you have your configuration, and in the sub vcl_fetch section add this lines:
unset beresp.http.Server; set beresp.http.Server = "Lighthttpd Server";
Restart Varnish.
Get your web server identification
To get the identification and test your configuration, use curl
curl -I http://www.go2linux.org
(Change with your own home page, or any other page, in your server).
Here is how I've got with my Server
HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Sun, 15 May 2011 01:52:55 GMT Vary: Accept-Encoding, Accept-Encoding Server: Lighthttpd Server cache-control: public, max-age=300 Content-Length: 28352 Date: Sun, 15 May 2011 15:24:54 GMT X-Varnish: 1264507209 1264507175 Via: 1.1 varnish Connection: keep-alive age: 0 X-Cache: HIT X-Cache-Hits: 2
Conclusion
You should always try to improve the security of your server, and this is just one more layer of security in your web server.