How to hide the PHP version from a Linux server

Typically, one of the Web servers that are installed with the default settings is information disclosure, which is PHP. PHP is now a popular service-side HTML embedded language (one?). ）。 In today's challenging era, there are a number of attackers who try to discover vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information in a Linux server .

By default, expose_php is on by default. Turning off the "expose_php" parameter allows php to hide its version information.

[Email protected] ~]# Vi/etc/php.ini

In your php.ini, Locate the line containing the expose_php and set it to off:

expose_php = Off

Until then, theWeb Server header looks like this:

[Email protected] ~]# curl-i website /

http/1.1 OK

Server:nginx

content-type:text/html; Charset=utf-8

Vary:accept-encoding

x-powered-by:php/5.3.3

X-pingback: url /xmlrpc.php

date:wed, 14:10:43 GMT

x-page-speed:1.9.32.2-4321

Cache-control:max-age=0, No-cache

After you change and restart the Web service,php does not display the version in the Web Service Header:

http/1.1 OK

Server:nginx

date:wed, 15:38:14 GMT

content-type:text/html; Charset=utf-8

Vary:accept-encoding

X-pingback: url /xmlrpc.php

date:wed, 14:10:43 GMT

x-page-speed:1.9.32.2-4321

Cache-control:max-age=0, No-cache

In addition to the PHP version,theWeb Server also defaults to the release number. If you use Apache Server, please refer to this article to turn off Apache version display, if using Nginx Server, please add server_tokens off in the HTTP segment; configuration. Please remember to restart the relevant services for the above changes.

Free pick up Brother Lian IT Education Original Linux Operations Engineer video/Detailed Linux tutorials, details of the website customer service: http://www.lampbrother.net/linux/

or hooking up with Q2430675018.

Welcome to the Linux Communication Group 478068715

How to hide the PHP version from a Linux server