How to hide the PHP version number on a Linux Server

This article mainly introduces how to hide the PHP version number on a Linux server, which helps prevent attacks initiated by attackers against PHP detailed version vulnerabilities. For more information, see, most web Servers installed by default have information leakage, one of which is PHP. PHP is now a popular server-side html embedded language ?). In today's challenging age, many attackers attempt to discover vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information on a Linux server.

Expose_php is enabled by default. Disable the "expose_php" parameter so that php can hide its version information.

 [root@centos66 ~]# vi /etc/php.ini

In your php. ini, locate the line containing expose_php and set On to Off:

expose_php = Off

Before that, the web server header looks like this:

  [root@centos66 ~]# curl -I http://www.ehowstuff.com/

  HTTP/1.1 200 OK  Server: nginx  Content-Type: text/html; charset=UTF-8  Vary: Accept-Encoding  X-Powered-By: PHP/5.3.3  X-Pingback: http://www.ehowstuff.com/xmlrpc.php  Date: Wed, 11 Feb 2015 14:10:43 GMT  X-Page-Speed: 1.9.32.2-4321  Cache-Control: max-age=0, no-cache

After changing and restarting the Web service, php will not display the version in the web Service header:

  HTTP/1.1 200 OK  Server: nginx  Date: Wed, 11 Feb 2015 15:38:14 GMT  Content-Type: text/html; charset=UTF-8  Vary: Accept-Encoding  X-Pingback: http://www.ehowstuff.com/xmlrpc.php  Date: Wed, 11 Feb 2015 14:10:43 GMT  X-Page-Speed: 1.9.32.2-4321  Cache-Control: max-age=0, no-cache