How to Hide Apache2 and PHP version without using mod_security in Ubuntu Linux

Although security by obscurity is not the best policy to protect your IS assets, but it is still useful to thwarts simple network scanner or newbie crackers.

Note: This tip is written for Ubuntu Linux, the steps is similar to other GNU/Linux distro, albeit with a slight variant.

Hiding Apache2 version
Edit /etc/apache2/apache2.conf

Add these lines at the end of the file:
ServerSignature Off
ServerTokens Prod

Restart Apache2
[bash]
sudo /etc/init.d/apache2 restart
[/bash]

Hiding PHP version
Edit /etc/php5/apache2/php.ini file

Find these lines, and switch it off:
expose_php = Off
display_errors = Off

Additionally you may disable certain ‘risky’ functions in php by editing the disable_functions line:
disable_functions = phpinfo, system,show_source,

Finally, you may restart Apache2 web server.
[bash]
sudo /etc/init.d/apache2 restart
[/bash]

How to solve Apache – Could not reliably determine the server’s fully qualified name – error in Ubuntu

Apache2 web server will almost always display this information message :
"Could not reliably determine the server's fully qualified name"
when it is first started in Ubuntu and Debian server.

The reason behind this message is because the web server fails to find the suitable domain name in the system.

How to remove the message
First, you need to edit “/etc/hosts” file and put your server name of choice in the file. For example:

127.0.0.1 server.mylocal

Then you need to add “ServerName” directive in the “/etc/apache2/apache2.conf” file.

ServerName server.mylocal

Finally, restart the web server for the changes to take effect. You will notice that the information message is gone now.

$ sudo service apache2 restart

How to make JavaME .jar files downloadable from Apache Web Server

Mobile application developers may have realize that one of the best (and recommended) way to distribute their JavaME/J2ME application is by hosting it on a website. This makes it easier for potential users to navigate and download the .jad or .jar files from their phone browsers and to execute it directly.

However, some web servers are not configured to handle .jar / .jad file requests, eventually leading to failed install response received by the mobile users.

To remedy this, .jad / .jar files need to be associated with the correct MIME type. In Apache, you can do this by creating ‘.htaccess’ file in your web directory, and inserting these lines :

# JavaME
AddType text/vnd.sun.j2me.app-descriptor .jad
AddType application/java-archive .jar

Afterwards, safe the file. The web server should behave accordingly when requests are made to either of these files. For other web servers, please refer to their respective manual or online-help on how to change document MIME type.