ServerTokens Directive Apache with SLOX4.1
Hello:

I am trying to reduce the amount of information given out when someone tries to Banner Grab for Version information. I read that "ServerToken" directive in httpd.conf file will limit the amount of information given out. First off I didn't find the "ServerToken" in the httpd.conf with a search. So I added it in the Global Setting section (where I found it on RedHat box). Set it to "ServerToken Prod" or "OS" or "Min" no quotation marks of course. I found "ServerSignature On" changed it to "Off", restarted httpd, and then ran "HEAD / HTTP/1.0" and it still comes back with

HEAD / HTTP/1.0
200 OK
Content-Length: 720
Content-Type: text/html
Last-Modified: Wed, 11 May 2005 20:16:21 GMT
Client-Date: Tue, 31 May 2005 04:49:32 GMT

404 Not Found
Date: Tue, 31 May 2005 04:31:44 GMT
Server: Apache/2.0.49 (Unix) PHP/4.3.9 # How do I get rid of this and say something else
Content-Length: 1335
Content-Type: text/html; charset=ISO-8859-1
Client-Date: Tue, 31 May 2005 04:49:33 GMT
Client-Response-Num: 1
Proxy-Connection: close
X-Cache: MISS from firewall.domainname
X-Powered-By: PHP/4.3.9 # How do I get rid of this and say something else

I guess my question should be what controls the amount of information given out ServerTokens, ServerSignature, or something else? And to configure these items do I make my changes in the httpd.conf, or httpd.conf.SuSEconfig, or in /etc/sysconfig/apache? Which file and variable controls what gets displayed.

I have made changes to ServerTokens and ServerSignature in httpd.conf and httpd.conf.SuSEconfig, and HTTPD_SEC_SAY_FULLNAME directive to "no" in /etc/sysconfig/apache at different times and then restarted the httpd with rchttpd restart, and then did the "HEAD / HTTP/1.0" from the command line and I always get the above with no changes.

What AM I DOING WRONG? Any help here would be appreciated.

Thanks:
Steve

On Wednesday 01 June 2005 03:41, steve nutt wrote:
> Hello:
> I am trying to reduce the amount of information given out when someone tries to Banner Grab for Version information. I read that "ServerToken" directive in httpd.conf file will limit the amount of information given out. First off I didn't find the "ServerToken" in the httpd.conf with a search. So I added it in the Global Setting section (where I found it on RedHat box). Set it to "ServerToken Prod" or "OS" or "Min" no quotation marks of course. I found "ServerSignature On" changed it to "Off", restarted httpd, and then ran "HEAD / HTTP/1.0" and it still comes back with

SUSE rule #1: never directly edit the config files unless you absolutely have to.

In this case, what you should have done is to set

APACHE_SERVERTOKEN="Min"

and

APACHE_SERVERSIGNATURE="off"

in /etc/sysconfig/apache2, and then run

SuSEconfig --module apache2

One of the main benefits of suse is the configuration system. Why not use it?

On Wednesday 01 June 2005 03:41, steve nutt wrote:
> I guess my question should be what controls the amount of information given out ServerTokens, ServerSignature, or something else? And to configure these items do I make my changes in the httpd.conf, or httpd.conf.SuSEconfig,

Furthermore, when you manually edit config files, suseconfig will refuse to update them. This is to avoid overwriting manual changes, which is a good thing. What it will do is create these .SuSEconfig files instead, so you can merge the changes.

But, since you are talking about /etc/sysconfig/apache instead of apache2, my guess is you have been editing the wrong config files. You are running apache2, so you should be looking at the files in /etc/apache2/

But as I said, edit /etc/sysconfig/apache2 instead.
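
Added example, not part of the thread or of any poster's message: a shell check that reads response headers and reports which ServerTokens level the Server header corresponds to, so a configuration change can be confirmed after a restart. The function names and the SAMPLE text (built from the two header lines quoted in the question) are constructed for illustration, and the level formats assumed are the ones given in the Apache documentation for ServerTokens.

```shell
#!/bin/sh
# Constructed sample: the two disclosing headers quoted in the question.
SAMPLE='Date: Tue, 31 May 2005 04:31:44 GMT
Server: Apache/2.0.49 (Unix) PHP/4.3.9
X-Powered-By: PHP/4.3.9'

# m VALUE REGEX: true when VALUE matches the extended regex.
m() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Map a Server header value to the ServerTokens level that produces it.
servertokens_level() {
    if   m "$1" '^Apache$';                                      then echo Prod
    elif m "$1" '^Apache/[0-9]+$';                               then echo Major
    elif m "$1" '^Apache/[0-9]+\.[0-9]+$';                       then echo Minor
    elif m "$1" '^Apache/[0-9]+\.[0-9]+\.[0-9]+$';               then echo Min
    elif m "$1" '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]*\)$';     then echo OS
    elif m "$1" '^Apache/[0-9]+\.[0-9]+\.[0-9]+ \([^)]*\) .+';   then echo Full
    else echo unknown
    fi
}

# Read raw response headers on stdin; report the effective ServerTokens
# level and any X-Powered-By value still being sent.
audit_headers() {
    hdrs=$(tr -d '\r')
    server=$(printf '%s\n' "$hdrs" | grep -i '^server:' | head -n 1 |
             sed 's/^[^:]*:[[:space:]]*//')
    powered=$(printf '%s\n' "$hdrs" | grep -i '^x-powered-by:' | head -n 1 |
              sed 's/^[^:]*:[[:space:]]*//')
    echo "ServerTokens=$(servertokens_level "$server")"
    if [ -n "$powered" ]; then
        echo "X-Powered-By=$powered"
    fi
}

# Against a live server the input would come from a HEAD request, e.g.
#   curl -sI http://localhost/ | audit_headers
printf '%s\n' "$SAMPLE" | audit_headers
```

If the reported level does not change after editing the configuration and restarting, the running server is reading a different file than the one that was edited.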

participants (2)
- Anders Johansson
- steve nutt