Typically, one of the Web servers that are installed with the default settings is information disclosure, which is PHP. PHP is now a popular service-side HTML embedded language (one?). )。 In today's challenging era, there are a number of attackers who try to discover vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information in a Linux server .
By default, expose_php is on by default. Turning off the "expose_php" parameter allows php to hide its version information.
[Email protected] ~]# Vi/etc/php.ini
In your php.ini, Locate the line containing the expose_php and set it to off:
expose_php = Off
Until then, theWeb Server header looks like this:
[Email protected] ~]# curl-i website /
http/1.1 OK
Server:nginx
content-type:text/html; Charset=utf-8
Vary:accept-encoding
x-powered-by:php/5.3.3
X-pingback: url /xmlrpc.php
date:wed, 14:10:43 GMT
x-page-speed:1.9.32.2-4321
Cache-control:max-age=0, No-cache
After you change and restart the Web service,php does not display the version in the Web Service Header:
http/1.1 OK
Server:nginx
date:wed, 15:38:14 GMT
content-type:text/html; Charset=utf-8
Vary:accept-encoding
X-pingback: url /xmlrpc.php
date:wed, 14:10:43 GMT
x-page-speed:1.9.32.2-4321
Cache-control:max-age=0, No-cache
In addition to the PHP version,theWeb Server also defaults to the release number. If you use Apache Server, please refer to this article to turn off Apache version display, if using Nginx Server, please add server_tokens off in the HTTP segment; configuration. Please remember to restart the relevant services for the above changes.
Free pick up Brother Lian IT Education Original Linux Operations Engineer video/Detailed Linux tutorials, details of the website customer service: http://www.lampbrother.net/linux/
or hooking up with Q2430675018.
Welcome to the Linux Communication Group 478068715
How to hide the PHP version from a Linux server