If I test against the front end(s) normally (and this works the same on stand alone servers, I easily expose the PHP and Apache versions (even the Operating System on which they run).

telnet frontend1.host.com 80
GET / HTTP/1.0
Date: Tue, 03 Aug 2010 21:54:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
Content-Length: 1118
Content-Type: text/html; charset=ISO-8859-1
Cache-control: private
Set-Cookie: SERVERID=i-22348348; path=/
Connection: close

I'd like to get rid of the Server: details and X-Powered-By: details. You probably should upgrade your application environment and your web servers regularly to remain current and secure. But, there are reasons for hiding this information and I'll not impune them here, instead simply address the desired outcome.

In cloud computing or when using HA Proxy or something similar, front ends and app servers need to both receive the update. The front ends do not shelter the application details printed by the application servers.

I edit /etc/httpd/conf/httpd.conf (in certain Linux distributions, locate httpd.conf):

ServerTokens ProductOnly
ServerSignature Off

I set the Apache configuration to present the smallest possible ServerToken and turned off ServerSignature to further block details regarding the Apache server and its host.

I edited /etc/php.ini and added:
expose_php = Off

Now you simply restart Apache.

BSD: /usr/local/etc/rc.d/apache restart
Red Hat: service httpd restart
Other Linux(es): apachectl -k graceful