Introduction

Your web server's identification is in the headers of every page served by it, so anyone can find out which server and which version you are running. In an ideal world this would not harm you, but we do not live in an ideal world, so publishing it is like putting a sign on your front door saying what kind and brand of alarm system you have.

Anyone with the right knowledge will know how to exploit your server's security holes, if there are any, including some you may not even know are there. So it may be a good idea to fake that information, or at least hide the version of the server you are running.

What you can do is publish a different server name: if you are running Apache, you can publish lighttpd instead.

I'll let you know how to do it using Varnish.

Change your web server identification with Varnish

If you use Varnish in front of your web server, you can change the HTTP headers with it.

Edit /etc/varnish/default.vcl, or whichever file holds your configuration, and add these lines inside the sub vcl_fetch section (in Varnish 4 and later this subroutine is named vcl_backend_response):

unset beresp.http.Server;
set beresp.http.Server = "Lighthttpd Server";

Restart Varnish.

Get your web server identification

To get the identification and test your configuration, use curl:

curl -I http://www.go2linux.org

(Replace the URL with your own home page, or any other page on your server.)

Here is what I got with my server:

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sun, 15 May 2011 01:52:55 GMT
Vary: Accept-Encoding, Accept-Encoding
Server: Lighthttpd Server
cache-control: public, max-age=300
Content-Length: 28352
Date: Sun, 15 May 2011 15:24:54 GMT
X-Varnish: 1264507209 1264507175
Via: 1.1 varnish
Connection: keep-alive
age: 0
X-Cache: HIT
X-Cache-Hits: 2
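
The output above still names Varnish in the Via and X-Varnish headers even though Server has been rewritten. The following script is an added example, not part of the original article: it reads the headers printed by curl -sI and lists every header that identifies the software stack. The function names audit_headers and sample_headers and the three labels are assumptions made for this example; the sample input is a subset of the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article).
# audit_headers reads raw response headers on stdin, for instance:
#   curl -sI http://your.server/ | audit_headers
# and prints one line per header that identifies the software stack:
#   version = product name together with a version number
#   product = product name only
#   proxy   = header added by a cache or proxy that names itself
audit_headers() {
    tr -d '\r' | awk '
    {
        sep = index($0, ":")
        if (sep == 0) next                  # status line or blank line
        name  = tolower(substr($0, 1, sep - 1))
        value = substr($0, sep + 1)
        sub(/^[ \t]+/, "", value)

        if (name == "server" || name == "x-powered-by") {
            # digits.digits in the value is treated as a version number
            level = (value ~ /[0-9]+\.[0-9]+/) ? "version" : "product"
            print level " " name ": " value
        } else if (name == "via" || name == "x-varnish") {
            print "proxy " name ": " value
        }
    }'
}

# Sample input: a subset of the response headers shown in the article.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Content-Type: text/html
Server: Lighthttpd Server
Date: Sun, 15 May 2011 15:24:54 GMT
X-Varnish: 1264507209 1264507175
Via: 1.1 varnish
X-Cache: HIT
EOF
}

sample_headers | audit_headers
```

If the proxy lines matter to you, those headers can be unset in the VCL in the same way as Server.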

Conclusion

You should always try to improve the security of your server, and this is just one more layer of security in your web server.