Typically, one of the Web servers that are installed with the default settings is information disclosure, which is PHP. PHP is now a popular service-side HTML embedded language (one?). )。 In today's challenging era, there are a number of attackers who try to discover vulnerabilities on your server. Therefore, I will briefly describe how to hide php information in a Linux server.
By default, expose_php is on by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
[Root@centos66 ~]# Vi/etc/php.ini
In your php.ini, locate the line containing the expose_php and set it to OFF:
expose_php = Off
Until then, the Web server header looks like this:
[Root@centos66 ~]# curl-i http://www.ehowstuff.com/
http/1.1 OK
Server:nginx
content-type:text/html; Charset=utf-8
Vary:accept-encoding
x-powered-by:php/5.3.3
x-pingback:http://www.ehowstuff.com/xmlrpc.php
date:wed, 14:10:43 GMT
x-page-speed:1.9.32.2-4321
Cache-control:max-age=0, No-cache
After you change and restart the Web service, PHP does not display the version in the Web Service header:
http/1.1 OK
Server:nginx
content-type:text/html; Charset=utf-8
Vary:accept-encoding
x-powered-by:php/5.3.3
x-pingback:http://www.ehowstuff.com/xmlrpc.php
date:wed, 14:10:43 GMT
x-page-speed:1.9.32.2-4321
Cache-control:max-age=0, No-cache
LCTT: In addition to the PHP version, the WEB server also defaults to the release number. If using Apache server, please refer to this article to turn off Apache version display, if using Nginx server, please add server_tokens off in the HTTP segment; Configuration. Please remember to restart the relevant services for the above changes.