Hide Php,apache,varnish,nginx version information in the browser

Source: Internet
Author: User
Tags varnish

The General browser displays information about the server execution script or server version, such as:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/6D/D1/wKiom1VsJvPTpdFaAAHeQPMkoQ0036.jpg "title=" Qq20150601173259.jpg "alt=" Wkiom1vsjvptpdfaaaheqpmkoq0036.jpg "/>

While this facilitates debugging viewing, it exposes too much information about the server. Practical applications are best to close this information. Prevent those who have ulterior motives from doing damage.

PHP Stealth Method:

Document Address: http://php.net/manual/zh/ini.core.php#ini.expose-php

Modify PHP.ini

expose_php on

Change into

expose_php OFF

Restart the server. If there is no effect, you need to check if the modified php.ini is the current PHP-loaded configuration file.

Varnish Hidden methods:

Modify the DEFAULT.VCL configuration file.

Locate or add the Vcl_deliver subroutine with the following code:

Sub Vcl_deliver {unset resp.http.Via;//varnish display version information by default unset resp.http.x-varnish;  Varnish default set resp.http.server= "No-server"; Backend server version information, such as: apache/2.4.4 (Win64)}

The first two lines of code is to delete the varnish default information header, the last line is to modify the backend server header, restart varnish

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/6D/DA/wKiom1VtT16x6ZHxAAGvVcPrCkY214.jpg "title=" Qq20150602143750.jpg "alt=" Wkiom1vtt16x6zhxaagvvcprcky214.jpg "/>

Of course, you can also delete the Server display,

Set resp.http.server= "No-server";

Revision changed to

Unset resp.http.Server;

In the Vcl_deliver subroutine, you can modify the Add response header information arbitrarily, so there is varnish in the server and the back-end server does not need to modify the hidden configuration.

Apache Stealth Method:

Document Address: Http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

After the 2.0.44 version, modify the http.conf servertokens directive:

Servertokens Prod[uctonly]
The server will send (for example): Server:apache

Servertokens Major
The server will send (for example): SERVER:APACHE/2

Servertokens Minor
The server will send (for example): server:apache/2.0

Servertokens Min[imal]
The server will send (for example): server:apache/2.0.41

Servertokens OS
The server will send (for example): server:apache/2.0.41 (Unix)

Servertokens full (or unspecified)
The server will send (for example): server:apache/2.0.41 (Unix) php/4.2.2 mymod/1.2

This setting acts on the entire server and cannot be used in the configuration segment of the virtual host.

Modify the value of the servertokens as needed, and then restart the server.

Nginx Hiding method:

Modify nginx.conf Add the following code to the file and modify it if it exists

Server_tokens off;

Restart the server to

This article is from the "gangbusters" blog, make sure to keep this source http://php2012web.blog.51cto.com/5585213/1657501

Hide Php,apache,varnish,nginx version information in the browser

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.