Home > Others

How to hide a server signature on Apache

Source: Internet
Author: User
Tags ini centos arch linux linux mint
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This article mainly introduces the method of hiding the server signature on Apache, the example is based on the Linux of Debian department, the friend who need can refer to the

Revealing a Web server's signature with server/php version information can pose a security risk because you are basically telling the attacker about a known vulnerability on your system. Therefore, as a part of the server hardening, it is highly recommended that you disable all Web server signatures.

Disable Apache Web server signing

Disabling the Apache Web server signature can be done by editing the Apache configuration file.

On the Debian,ubunt or Linux Mint:

?

1 $ sudo vi/etc/apache2/apache2.conf

On Centos,fedora,rhel or Arch Linux:

?

1 $ sudo vi/etc/httpd/conf/httpd.conf

Add the following two lines to the bottom of the Apache configuration file.

Copy code code as follows:

Serversignature off

Servertokens Prod

Then restart the Web server for the modifications to take effect:

?

1 2 3 $ sudo service apache2 restart (Debian, Ubuntu or Linux Mint) $ sudo service httpd restart (Centos/rhel 6) $ sudo systemct L Restart Httpd.service (Fedora, Centos/rhel 7, Arch Linux)

The first line ' serversignature off ' causes the Apache2 Web server to hide the Apache version information on all error pages.

However, without the second line of ' Servertokens Prod ', the Apache server will still contain detailed server tags in the HTTP response header, which leaks the Apache version number.

The second line of ' Servertokens Prod ' is to compress the server tag to the minimum in the HTTP response header.

Therefore, when two rows are placed at the same time, Apache will not leak version information in the page or in the HTTP response header.

Hide PHP Version

Another potential security threat is the disclosure of PHP version information in the HTTP response header. By default, the Apache Web server contains PHP version information through the "x-powered-by" field in the HTTP response header. If you want to hide the PHP version in the HTTP header, use a text editor to open the php.ini file, find the "expose_php = On" line, and change it to "expose_php = Off".

On the Debian,ubunt or Linux Mint:

?

1 $ sudo vi/etc/php5/apache2/php.ini

On Centos,fedora,rhel or Arch Linux:

?

1 2 3 $ sudo vi/etc/php.ini expose_php = off

Finally, reboot the APACHE2 Web server to reload the updated PHP configuration file.

Now, you will no longer see the HTTP response header with the "x-powered-by" field.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to hide ip address on laptop how to hide php errors on page how to turn off server signature wordpress how to install apache http server on windows how to install apache server on windows 10 how to install apache http server on windows 10 how to install apache web server on windows 7

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More