: This article describes how to hide the version numbers of Nginx, Apache, and PHP. For more information about PHP tutorials, see. When hackers intrude into a server, they will first "Step On". Here "Step On" refers to understanding the details of some services running on the server, such as the version number, when hackers know the version number of the service, they can find some vulnerabilities in the service version to intrude into and attack the service. Therefore, we need to hide these versions to avoid unnecessary problems.
Let's test it.
insoz:~ insoz$ curl -I http://127.0.0.1/phpinfo.phpHTTP/1.1 200 OKServer: nginx/1.5.0Date: Thu, 18 Jun 2015 02:39:32 GMTContent-Type: text/htmlConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/5.3.1
We can see that the nginx and php versions of our servers are exposed. let's look at the hidden methods.
First, let's look at how to hide the version number in nginx:
Add the following code to the nginx. conf configuration file:
server_tokens off;
How to hide the version number in apache:
Add the following code to the apache configuration file httpd. conf:
ServerTokens ProdServerSignature Off
Let's take a look at how to hide the version number in php:
Add the following code to the php configuration file php. ini:
expose_php = Off
Okay. after modification, restart the service. let's test it again:
insoz:~ insoz$ curl -I http://127.0.0.1//phpinfo.phpHTTP/1.1 200 OKServer: nginxDate: Thu, 18 Jun 2015 02:41:47 GMTContent-Type: text/htmlConnection: keep-aliveVary: Accept-Encoding
The above describes how to hide the version numbers of Nginx, Apache, and PHP, including some content. if you are interested in the PHP Tutorial, you will be helpful.