chore: Turn off server signature

[microamp]

Fixes #5

Testing locally with the existing settings, accessing a resource that doesn't exist

curl -XGET http\://localhost\:80/hello.txt

returns 404 with the following content

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at localhost Port 8080</address>
</body></html>

However, with ServerSignature Off explicitly set, it returns

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

without

<hr>
<address>Apache/2.4.52 (Ubuntu) Server at localhost Port 8080</address>

It appears to me that ServerSignature wasn't Off before, even though that is the default value according to https://httpd.apache.org/docs/current/mod/core.html#serversignature.

Default:  ServerSignature Off

If the issue persists after this change, we may need to configure custom error responses for 403, 404, etc. See also: https://httpd.apache.org/docs/current/custom-error.html

P.S. The second commit is only optional, as in our case, it's going to be server: cloudflare in the response header. It's a good practice nonetheless.

EDIT: Syntax highlight for HTML blocks.

[kesara]

If we want to take an extra step forward we should have a custom 404 page. From the 404 template it is easy to guess that server is running Apache.

[microamp]

If we want to take an extra step forward we should have a custom 404 page. From the 404 template it is easy to guess that server is running Apache.

Thanks. We can do something very generic like

ErrorDocument 403 "Forbidden"
ErrorDocument 404 "Not Found"