Home > Developer > Web Develop

Hide Php,apache,varnish,nginx version information in the browser

Source: Internet
Author: User
Tags varnish
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The General browser displays information about the server execution script or server version, such as:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/6D/D1/wKiom1VsJvPTpdFaAAHeQPMkoQ0036.jpg "title=" Qq20150601173259.jpg "alt=" Wkiom1vsjvptpdfaaaheqpmkoq0036.jpg "/>

While this facilitates debugging viewing, it exposes too much information about the server. Practical applications are best to close this information. Prevent those who have ulterior motives from doing damage.


PHP Stealth Method:

Document Address: http://php.net/manual/zh/ini.core.php#ini.expose-php

Modify PHP.ini


expose_php on

Change into

expose_php OFF


Restart the server. If there is no effect, you need to check if the modified php.ini is the current PHP-loaded configuration file.


Varnish Hidden methods:

Modify the DEFAULT.VCL configuration file.

Locate or add the Vcl_deliver subroutine with the following code:

Sub Vcl_deliver {unset resp.http.Via;//varnish display version information by default unset resp.http.x-varnish;  Varnish default set resp.http.server= "No-server"; Backend server version information, such as: apache/2.4.4 (Win64)}

The first two lines of code is to delete the varnish default information header, the last line is to modify the backend server header, restart varnish

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/6D/DA/wKiom1VtT16x6ZHxAAGvVcPrCkY214.jpg "title=" Qq20150602143750.jpg "alt=" Wkiom1vtt16x6zhxaagvvcprcky214.jpg "/>

Of course, you can also delete the Server display,

Set resp.http.server= "No-server";

Revision changed to

Unset resp.http.Server;

In the Vcl_deliver subroutine, you can modify the Add response header information arbitrarily, so there is varnish in the server and the back-end server does not need to modify the hidden configuration.


Apache Stealth Method:

Document Address: Http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

After the 2.0.44 version, modify the http.conf servertokens directive:


Servertokens Prod[uctonly]
The server will send (for example): Server:apache


Servertokens Major
The server will send (for example): SERVER:APACHE/2


Servertokens Minor
The server will send (for example): server:apache/2.0


Servertokens Min[imal]
The server will send (for example): server:apache/2.0.41


Servertokens OS
The server will send (for example): server:apache/2.0.41 (Unix)


Servertokens full (or unspecified)
The server will send (for example): server:apache/2.0.41 (Unix) php/4.2.2 mymod/1.2


This setting acts on the entire server and cannot be used in the configuration segment of the virtual host.

Modify the value of the servertokens as needed, and then restart the server.


Nginx Hiding method:

Modify nginx.conf Add the following code to the file and modify it if it exists

Server_tokens off;

Restart the server to



This article is from the "gangbusters" blog, make sure to keep this source http://php2012web.blog.51cto.com/5585213/1657501

Hide Php,apache,varnish,nginx version information in the browser

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
php browser information hide notice in php hide whois information php detect browser version how to hide page url in browser address bar php check browser version hide notice error in php
Related Article
Jwt+asp.net MVC timestamp prevents replay attacks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More