apache hide version and php hide version linux
From http://www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html
Apache Tips:Hide Apache Information & PHP software version
Posted by Admin on March 1st, 2007
By default, Apache will send version and modules information (e.g., mod_php, mod_perl, mod_ssl) in every HTTP header.
If you want to view Apache web server version and sofware of a remove server you follow this procedure
telnet www.example.com 80
Trying www.example.com.com…
Connected to www.example.com.
Escape character is ‘^]’.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2007 18:18:26 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.
In the above example it is showing all the details about your web server and php this is not recommended for security reasons.We need to hide this information with the following procedure.
Hide Apache Information
To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below
Server: Apache
Hide PHP Version Details
If you want to hide the PHP version you need to edit the /etc/php4/apache/php.ini(For php4 users) file and /etc/php5/apache/php.ini (For php5 users)
Change the following option
expose_php On
to
expose_php Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
After making this change PHP will no longer add it’s signature to the web server header.
If you are running php from cli against a php file, the output is a html file (as seen by a browser). In some distributions (like Debian) the php-cli is controlled by a different php.ini file (/etc/php[4,5]/cli/php.ini).
Apache Tips:Hide Apache Information & PHP software version
Posted by Admin on March 1st, 2007
By default, Apache will send version and modules information (e.g., mod_php, mod_perl, mod_ssl) in every HTTP header.
If you want to view Apache web server version and sofware of a remove server you follow this procedure
telnet www.example.com 80
Trying www.example.com.com…
Connected to www.example.com.
Escape character is ‘^]’.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Fri, 09 Jan 2007 18:18:26 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.
In the above example it is showing all the details about your web server and php this is not recommended for security reasons.We need to hide this information with the following procedure.
Hide Apache Information
To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below
Server: Apache
Hide PHP Version Details
If you want to hide the PHP version you need to edit the /etc/php4/apache/php.ini(For php4 users) file and /etc/php5/apache/php.ini (For php5 users)
Change the following option
expose_php On
to
expose_php Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
After making this change PHP will no longer add it’s signature to the web server header.
If you are running php from cli against a php file, the output is a html file (as seen by a browser). In some distributions (like Debian) the php-cli is controlled by a different php.ini file (/etc/php[4,5]/cli/php.ini).
Comments