This article mainly introduces the Linux system on the server to hide the version of the PHP method, to help prevent the attacker against the detailed version of PHP attacks launched by the attack, the need for friends can refer to the
In general, the Web server where most defaults are installed has information leaks, one of which is PHP. PHP is today's popular service-side HTML embedded language (one?). In today's challenging times, there are many attackers who try to uncover vulnerabilities on your service side. So, I'll simply describe how to hide php information in a Linux server.
By default, expose_php is open by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
?
| 1 | [Root@centos66 ~]# Vi/etc/php.ini |
In your php.ini, navigate to the line containing expose_php to set on off:
?
| 1 | expose_php = Off |
Before that, the Web server header looked like this:
?
| 1 | [Root@centos66 ~]# curl-i http://www.ehowstuff.com/ |
?
| 1 2 3 4 5 6 7 8 9 | http/1.1 OK Server:nginx content-type:text/html; Charset=utf-8 vary:accept-encoding x-powered-by:php/5.3.3 x-pingback:http://www.ehowstuff.com/xmlrpc.php date:wed, One Feb 2015 14:10:43 GMT x-page-speed:1.9.32.2-4321 cache-control:max-age=0, No-cache |
After you change and restart the Web service, PHP does not display the version in the Web Service header:
?
| http/1.1 OK Server:nginx date:wed, Feb 2015 15:38:14 GMT content-type:text/html; Charset=utf-8 vary:accept-encoding x-pingback:http://www.ehowstuff.com/xmlrpc.php date:wed, one FEB 2015 14:10:43 GMT x page-speed:1.9.32.2-4321 cache-control:max-age=0, No-cache |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
