How to hide the version number of Apache, Nginx, and PHP

How to hide the version number of Apache, Nginx, and PHP

Recently, it was reported that Apache, Nginx, and PHP versions were exposed due to vulnerabilities. The method is as follows:

Apache

Add the following two lines to the http. conf file. The default value is none.

ServerSignature OffServerTokens Prod

ServerSignature appears at the bottom of the page generated by Apache, such as page 404 and directory list. The ServerTokens directory is used to determine what information Apache will fill in the header of the Server HTTP response package. If ServerTokens is set to Prod, the HTTP response header is set to: Server: Apache

The Nginx version number must be modified in two places.

1. Add server_tokens off to the http file in the nginx. conf file;

Http {#... omit some configurations server_tokens off ;}

2. to modify the configuration file of php-fpm, check the file name. The default file is fastcgi. conf.

Fastcgi_param SERVER_SOFTWARE nginx/$ nginx_version;

Change

Fastcgi_param SERVER_SOFTWARE nginx;

3. Restart the server.

Nginx-s reload

Finally, let's talk about php version hiding.

The http Version information is usually exposed in the http header, which is usually in the form of X-Powered-By: PHP/5.2.11. You only need to modify the expose_php = On of the php. ini file to expose_php = Off.

Then reload php

Phpfpm reload

This article permanently updates the link address: