To avoid unnecessary trouble, configure the web server so that it does not display Apache and PHP version information.
Hide Apache version information
In /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf:
ServerTokens ProductOnly
ServerSignature Off
Restart Apache.
Now only the following information is displayed in the HTTP header:
Server: Apache
Hide PHP version
In php.ini, change
expose_php = On
to
expose_php = Off
After Apache is restarted, the PHP version is hidden in the HTTP header.
Details:
What should we do to prevent others from spying on our servers?
Let's take a look at the two relevant directives, ServerTokens and ServerSignature. Controlling these two settings should help. For example, we can write this in the configuration file:
ServerTokens Prod
ServerSignature Off
ServerTokens
Controls whether the server, when answering client requests, sends important system information such as the server operating system type or built-in modules to the client. The default value in the main configuration file is "Full" (ServerTokens Full). Therefore, if your Linux distribution has not changed this value, all sensitive information related to your system will be made public worldwide. For example, RHEL changes the value to "ServerTokens OS", while Debian still uses the default "Full".
Taking apache-2.0.55 as an example, the value can be set to one of the following (each followed by the corresponding Server banner header):
Prod >>> Server: Apache
Major >>> Server: Apache/2
Minor >>> Server: Apache/2.0
Minimal >>> Server: Apache/2.0.55
OS >>> Server: Apache/2.0.55 (Debian)
Full (or not specified, the default) >>> Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
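To check that the settings took effect, the following added example (not part of the original article) maps a Server header back to the ServerTokens level in the list above and also flags the X-Powered-By header that PHP sends while expose_php is On. The function names and the two sample responses are constructed for illustration.

```python
import re

# Server banner shapes for each ServerTokens level, as listed above.
_BANNER = re.compile(
    r"^Apache(?:/(?P<ver>\d+(?:\.\d+){0,2}))?"  # Apache, Apache/2, /2.0, /2.0.55
    r"(?:\s+\((?P<os>[^)]+)\))?"                 # (Debian)
    r"(?P<mods>(?:\s+\S+)*)\s*$"                 # PHP/... mod_ssl/... OpenSSL/...
)

def server_tokens_level(banner):
    """Return the ServerTokens level that would produce this Server header value."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"
    if m.group("mods").strip():
        return "Full"
    if m.group("os"):
        return "OS"
    ver = m.group("ver")
    return "Prod" if ver is None else ("Major", "Minor", "Minimal")[ver.count(".")]

def audit_headers(raw):
    """List version disclosures found in a raw HTTP response header block."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    findings = []
    if "server" in headers:
        level = server_tokens_level(headers["server"])
        if level != "Prod":
            findings.append("Server banner matches ServerTokens %s: %s"
                            % (level, headers["server"]))
    # PHP announces itself in X-Powered-By while expose_php is On.
    if "x-powered-by" in headers:
        findings.append("X-Powered-By present (expose_php On?): "
                        + headers["x-powered-by"])
    return findings

# Constructed sample responses (not captured from a real host).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b\r\n"
          "X-Powered-By: PHP/5.1.2-1+b1\r\n\r\n")
AFTER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_headers(raw) or "no version disclosure")
```

Feed audit_headers the header block returned by your own server (for example the output of curl -sI) after each configuration change.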
ServerSignature
Controls the footer line shown on pages generated by the server (error messages, mod_proxy FTP directory listings, etc.).
It can be set in the global configuration file or through an .htaccess file.
The default value is "Off" (ServerSignature Off). Some Linux distributions may turn it on. For example, Debian turns it on by default for the default virtual host.
The global value is overridden by the value in the configuration of a virtual host or directory section.
The available values are as follows:
Off (default): No footer information is output (as in Apache 1.2 and earlier versions; used for obfuscation)
On: Outputs a line with the version number and the ServerName of the serving virtual host (in versions later than 2.0.44, whether the version number is shown depends on ServerTokens)
EMail: creates a "mailto:" link to the ServerAdmin
Note: the above method of setting the two directives to minimize sensitive information leakage does not make your server more secure. If the version you are using is old, upgrade the system as soon as possible to reduce the risk of worm attacks.