Summary of methods for hiding the PHP and Apache versions
Today we found that webmaster tools and similar utilities can directly display the PHP and Apache versions a server is running. This is very insecure for a website: if these versions have problems, anyone can find that out directly. Let's take a look at how to hide the versions. Unfortunately, I haven't found a solution for Windows.
Hide PHP version
To ensure security, it is best to hide the PHP version to avoid some attacks caused by PHP version vulnerabilities.
1. Hiding the PHP version means removing the "X-Powered-By: PHP/5.2.13" response header.
The method is simple:
Edit the php.ini configuration file and modify or add expose_php = Off. Save the file, then restart Nginx, Apache, or whichever web server you use.
The code is as follows:
    [root@bkjz /]# curl -I www.bKjia.c0m
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 20 Jul 2010 05:45:13 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
The PHP version has been completely hidden.
Hide Apache version
Generally, the vulnerability information of the software is related to a specific version. Therefore, the software version number is of great value to the attacker.
By default, Apache reports its version and module information in the HTTP response headers. If a directory listing is served, the information is also shown in the body of the file list, together with the domain name. For example:
The code is as follows:
    [root@localhost tmp]# curl -I 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, 21 Jul 2010 13:09:33 GMT
    Server: Apache/2.2.15 (CentOS)
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=UTF-8
Hiding method:
1. To hide the Apache version, modify the Apache configuration file. For example, on RedHat-family Linux systems the default location is:
The code is as follows:
    vim /etc/httpd/conf/httpd.conf
Search for the ServerTokens and ServerSignature keywords and modify them as follows:
Change ServerTokens OS to ServerTokens ProductOnly
Change ServerSignature On to ServerSignature Off
2. Restart or reload Apache.
The code is as follows:
    apachectl restart
Test the function as follows:
The code is as follows:
    [root@localhost tmp]# curl -I 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, 21 Jul 2010 13:23:22 GMT
    Server: Apache
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=UTF-8
The version number and operating system information are hidden.
3. The method above applies to an Apache installed from the default packages. If Apache is compiled and installed from source, you can also change the values in the source code before compiling:
Go to the include directory under the Apache source code directory and edit the file ap_release.h. You will see the following definitions:
The code is as follows:
    #define AP_SERVER_BASEVENDOR "Apache Software Foundation"
    #define AP_SERVER_BASEPROJECT "Apache HTTP Server"
    #define AP_SERVER_BASEPRODUCT "Apache"
    #define AP_SERVER_MAJORVERSION_NUMBER 2
    #define AP_SERVER_MINORVERSION_NUMBER 2
    #define AP_SERVER_PATCHLEVEL_NUMBER 15
    #define AP_SERVER_DEVBUILD_BOOLEAN 0
You can modify or hide the version number and name based on your preferences.
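To verify the PHP and Apache changes described above in one pass, here is an added example (not part of the original article) that scans response headers for the disclosures this page discusses. The function name check_version_leak and the two sample responses are assumptions, constructed from the header values shown in this article.

```shell
#!/bin/sh
# Added example (not from the original article): detect version disclosure in
# HTTP response headers read from stdin, e.g. `curl -sI URL | check_version_leak`.
# Prints one line per finding; returns 1 if anything leaks, 0 if clean.
check_version_leak() {
    awk '
        {
            sub(/\r$/, "")                        # tolerate CRLF from real servers
            name = tolower($0); sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        }
        # "Apache/2.2.15 (CentOS)" leaks; a bare "Apache" or "nginx" does not.
        name == "server" && value ~ /\/[0-9]/ { print "LEAK version in Server: " value; leaks++ }
        name == "server" && value ~ /\(.*\)/  { print "LEAK platform in Server: " value; leaks++ }
        # expose_php = Off removes this header entirely, so any presence is a finding.
        name == "x-powered-by"                { print "LEAK X-Powered-By: " value; leaks++ }
        END { exit (leaks > 0) }
    '
}

# Constructed samples built from the header values shown in the article.
BEFORE='HTTP/1.1 403 Forbidden
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.2.13
Content-Type: text/html; charset=UTF-8'

AFTER='HTTP/1.1 403 Forbidden
Server: Apache
Content-Type: text/html; charset=UTF-8'

for sample in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$sample" | check_version_leak; then
        echo "clean"
    else
        echo "version information disclosed"
    fi
done
```

Because the function returns non-zero on any finding, it can gate a deployment check or a scheduled job that alerts when a package update resets ServerTokens or expose_php.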
I haven't found the method for hiding the Apache and PHP versions on Windows. The method will be updated below.
...