How to hide the PHP version number on a Linux Server
This article mainly introduces how to hide the PHP version number on a Linux server, which helps prevent attacks initiated by attackers against PHP detailed version vulnerabilities. For more information, see
In general, information leakage exists on most web Servers installed by default, one of which is PHP. PHP is now a popular server-side html embedded language ?). In today's challenging age, many attackers attempt to discover vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information on a Linux server.
Expose_php is enabled by default. Disable the "expose_php" parameter so that php can hide its version information.
?
1 |
[Root @ centos66 ~] # Vi/etc/php. ini |
In your php. ini, locate the line containing expose_php and set On to Off:
?
Before that, the web server header looks like this:
?
1 |
[Root @ centos66 ~] # Curl-I http://www.ehowstuff.com/ |
?
1 2 3 4 5 6 7 8 9 |
HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset = UTF-8 Vary: Accept-Encoding X-Powered-By: PHP/5.3.3 X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age = 0, no-cache |
After changing and restarting the Web service, php will not display the version in the web Service header:
?
1 2 3 4 5 6 7 8 9 |
HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Feb 2015 15:38:14 GMT Content-Type: text/html; charset = UTF-8 Vary: Accept-Encoding X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age = 0, no-cache |