Summary of Methods for Hiding the PHP and Apache Versions

Source: Internet
Author: User
Today I found that webmaster tools and similar utilities can directly show the PHP version number and the Apache version number a server is running. This is not safe for a site: if those versions have known problems, someone can take advantage of them directly. Below we look at methods for hiding the versions. Unfortunately, I haven't found a solution under Windows yet.

Hide PHP Version

For security reasons, it is best to hide the PHP version to avoid some of the attacks caused by PHP version vulnerabilities.

1. Hiding the PHP version means hiding the "X-Powered-By: PHP/5.2.13" response header.

The method is simple:

Edit the php.ini configuration file and modify or add:

expose_php = Off

Save the file and restart the appropriate web server, such as Nginx or Apache. After the restart, the response headers look like this:

[root@bkjz /]# curl -I www.bkjia.com
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05:45:13 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding

The PHP version has been completely hidden.

Hide Apache Version Number


In general, the software's vulnerability information is related to a specific version, so the version number of the software is valuable to the attacker.

By default, Apache shows its version and module information in the HTTP response headers. If directory listing is enabled, the domain name information is also shown in the body of the file listing, for example:

[root@localhost tmp]# curl -I 192.168.80.128:88
HTTP/1.1 403 Forbidden
Date: Wed, Jul 13:09:33 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close
Content-Type: text/html; charset=utf-8

How to hide it:

1. To hide the Apache version number, modify the Apache configuration file. On Red Hat family Linux systems the default location is:

vim /etc/httpd/conf/httpd.conf

Search for the ServerTokens and ServerSignature directives and change them as follows:

Change ServerTokens OS to ServerTokens ProductOnly

Change ServerSignature On to ServerSignature Off

2. Restart or reload Apache.

apachectl restart

Test it as follows:

[root@localhost tmp]# curl -I 192.168.80.128:88
HTTP/1.1 403 Forbidden
Date: Wed, Jul 13:23:22 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 5043
Connection: close
Content-Type: text/html; charset=utf-8

The version number and operating system information are already hidden.

3. The method above applies to a default Apache installation. If Apache was compiled from source, you can also modify the source code before compiling:

Go to the include directory under the Apache source directory and edit the ap_release.h file, where you will see the following definitions:

#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Apache"

#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 15
#define AP_SERVER_DEVBUILD_BOOLEAN 0

You can modify or hide the version number and name according to your preference.

I haven't yet found how to hide the Apache and PHP version numbers under Windows; when I find it, I will update this below.
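To repeat the curl checks above without reading the headers by eye, the following shell function flags the two disclosures this article covers (X-Powered-By, and a Server header carrying a version or OS). It is an added example, not part of the original article; the function name check_version_headers and the SAMPLE_ variables are assumptions, with sample headers constructed from the outputs shown above.

```sh
#!/bin/sh
# Added example: flag response headers that disclose software versions.
# Reads raw HTTP response headers on stdin, for instance:
#   curl -sI http://192.168.80.128:88 | check_version_headers
# Prints one "LEAK ..." line per disclosing header.
# Exit status: 1 if any disclosure was found, 0 otherwise.
check_version_headers() {
    awk '
        { sub(/\r$/, "") }              # curl output uses CRLF line endings
        /^$/ { next }                   # blank line that ends the header block
        {
            colon = index($0, ":")
            if (colon == 0) next        # status line has no "name: value" form
            name  = tolower(substr($0, 1, colon - 1))   # names are case-insensitive
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
            # X-Powered-By is only sent while expose_php is On.
            if (name == "x-powered-by") {
                print "LEAK " name ": " value; bad = 1
            }
            # A bare product name is what ServerTokens ProductOnly yields.
            # A "/<digit>" token or a parenthesised OS comment means more
            # than the product name is being sent.
            else if (name == "server" && value ~ /\/[0-9]|\(/) {
                print "LEAK " name ": " value; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed samples modelled on the before/after outputs in this article.
SAMPLE_BEFORE='HTTP/1.1 403 Forbidden
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.2.13
Connection: close'

SAMPLE_AFTER='HTTP/1.1 403 Forbidden
Server: Apache
Connection: close'
```

Because the exit status is non-zero when a disclosure remains, the function can gate a deployment check after php.ini or httpd.conf is changed.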
