Today I found that webmaster tools and similar utilities can directly show the PHP and Apache version numbers a server is running. This is not safe for the site: if one of these versions has known problems, someone can take advantage of them directly. Below we look at how to hide the versions. Unfortunately, I haven't found a solution for Windows yet.
Hide PHP Version
For security reasons, it is best to hide the PHP version to avoid some of the attacks caused by PHP version vulnerabilities.
1. Hiding the PHP version means suppressing the "X-Powered-By: PHP/5.2.13" response header.
The method is simple:
Edit the php.ini configuration file and change or add the line:

    expose_php = Off

Save the file and restart the appropriate web server, such as Nginx or Apache.
    [root@bkjz /]# curl -i www.bKjia.c0m
    HTTP/1.1 OK
    Server: nginx
    Date: Tue, 05:45:13 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Vary: Accept-Encoding
The PHP version has been completely hidden.
Hide the Apache Version Number
In general, the software's vulnerability information is related to a specific version, so the version number of the software is valuable to the attacker.
By default, Apache displays its version and module information in the HTTP response headers. If a directory listing is shown, the domain name information is also displayed in the body of the file list. For example:
    [root@localhost tmp]# curl -i 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, Jul 13:09:33 GMT
    Server: Apache/2.2.15 (CentOS)
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=utf-8
How to hide it:
1. To hide the Apache version number, modify the Apache configuration file. On Red Hat family Linux systems the default is:
    vim /etc/httpd/conf/httpd.conf
Search for the keywords ServerTokens and ServerSignature, and modify each one:
Change ServerTokens OS to ServerTokens ProductOnly
Change ServerSignature On to ServerSignature Off
2. Restart or reload Apache.
    apachectl restart
Test it as follows:
    [root@localhost tmp]# curl -i 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, Jul 13:23:22 GMT
    Server: Apache
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=utf-8
The version number and operating system information are already hidden.
3. The method above applies to a default Apache installation. If Apache was compiled from source, you can also modify the source code and recompile:
Go to the include directory under the Apache source directory and edit the ap_release.h file, where you will see the following definitions:
    #define AP_SERVER_BASEVENDOR "Apache Software Foundation"
    #define AP_SERVER_BASEPROJECT "Apache HTTP Server"
    #define AP_SERVER_BASEPRODUCT "Apache"
    #define AP_SERVER_MAJORVERSION_NUMBER 2
    #define AP_SERVER_MINORVERSION_NUMBER 2
    #define AP_SERVER_PATCHLEVEL_NUMBER 15
    #define AP_SERVER_DEVBUILD_BOOLEAN 0
You can modify or hide the version number and name according to your preference.
I haven't yet found how to hide the Apache and PHP version numbers under Windows; when I find it, I will update this below.
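
The curl checks in this article can be automated. The shell function below is an added example, not part of the original article: it reads response headers (for example from curl -sI) on standard input and reports an X-Powered-By header or a Server header that still carries a version or OS token. The function names and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag response headers that disclose software versions.
# Usage: curl -sI http://HOST/ | leaky_headers
# Prints one line per finding; returns 0 if clean, 1 if anything is disclosed.
leaky_headers() {
    awk '
    { sub(/\r$/, "") }                  # HTTP header lines end in CRLF
    /^HTTP\// { in_hdr = 1; next }      # a status line opens a header block
    /^$/      { in_hdr = 0; next }      # a blank line closes it (body follows)
    !in_hdr   { next }                  # ignore body lines when curl -i is used
    {
        name = tolower($0); sub(/[ \t]*:.*/, "", name)   # names are case-insensitive
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
    }
    name == "x-powered-by" {            # sent by PHP while expose_php = On
        print "X-Powered-By: " value; bad = 1
    }
    # With ServerTokens ProductOnly the value is the bare product name;
    # a "/" (version) or "(" (OS comment) means more is being disclosed.
    name == "server" && (index(value, "/") || index(value, "(")) {
        print "Server: " value; bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample responses, modelled on the outputs shown in the article.
sample_before() {
    printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache/2.2.15 (CentOS)\r\n'
    printf 'X-Powered-By: PHP/5.2.13\r\nConnection: close\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache\r\n'
    printf 'Connection: close\r\n\r\n'
}

echo "before hardening:"
sample_before | leaky_headers || echo "  -> version information disclosed"
echo "after hardening:"
sample_after | leaky_headers && echo "  -> nothing disclosed"
```

Because it inspects what is actually sent on the wire, the same check also catches a header reintroduced by a proxy or another backend in front of the server.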