How to hide Nginx, Apache, and PHP versions

This article mainly introduces how to hide Nginx, Apache, and PHP versions to prevent targeted vulnerability attacks. For more information, see when hackers intrude into a server, first, click "Step On". Here "Step On" refers to understanding the details of some services running on the server, such as the version number. after hackers know the version number of the service, we can find some vulnerabilities in the corresponding version of the service to intrude and attack, so we need to hide these versions to avoid unnecessary problems.

Let's test it.

insoz:~ insoz$ curl -I http://127.0.0.1/phpinfo.phpHTTP/1.1 200 OKServer: nginx/1.5.0Date: Thu, 18 Jun 2015 02:39:32 GMTContent-Type: text/htmlConnection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/5.3.1

We can see that the nginx and php versions of our servers are exposed. let's look at the hidden methods.

First, let's look at how to hide the version number in nginx:
Add the following code to the nginx. conf configuration file:

server_tokens off;

How to hide the version number in apache:
Add the following code to the apache configuration file httpd. conf:

ServerTokens ProdServerSignature Off

Let's take a look at how to hide the version number in php:
Add the following code to the php configuration file php. ini:

expose_php = Off

Okay. after modification, restart the service. let's test it again:

insoz:~ insoz$ curl -I http://127.0.0.1//phpinfo.phpHTTP/1.1 200 OKServer: nginxDate: Thu, 18 Jun 2015 02:41:47 GMTContent-Type: text/htmlConnection: keep-aliveVary: Accept-Encoding