In general, the Web server where most defaults are installed has information leaks, one of which is PHP. PHP is today's popular service-side HTML embedded language (one?) )。 In today's challenging times, there are many attackers who try to uncover vulnerabilities on your service side. So, I'll simply describe how to hide php information in a Linux server.
By default, expose_php is open by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
[Root@centos66 ~]# Vi/etc/php.ini
In your php.ini, navigate to the line containing expose_php to set on off:
Before that, the Web server header looked like this:
[Root@centos66 ~]# curl-i http://www.ehowstuff.com/
http/1.1 OK
server:nginx
content-type:text/html; charset=utf-8
vary:accept-encoding
x-powered-by:php/5.3.3
x-pingback:http://www.ehowstuff.com/xmlrpc.php
date:wed, Feb 2015 14:10:43 GMT< c13/>x-page-speed:1.9.32.2-4321
cache-control:max-age=0, No-cache
After you change and restart the Web service, PHP does not display the version in the Web Service header:
http/1.1 OK
server:nginx
date:wed, Feb 2015 15:38:14 GMT content-type:text/html
;
charset=utf-8 Vary:accept-encoding
x-pingback:http://www.ehowstuff.com/xmlrpc.php
date:wed, Feb 2015 14:10:43 GMT
x-page-speed:1.9.32.2-4321
cache-control:max-age=0, No-cache