Hide PHP Version
For security reasons, it is best to hide the PHP version, so that attacks targeting a vulnerability in a specific PHP version are harder to aim at your server.
1. Hiding the PHP version means hiding the "X-Powered-By: PHP/5.2.13" response header.
The method is simple:
Edit the php.ini configuration file and modify or add: expose_php = Off. Save the file and restart the corresponding web server, such as Nginx or Apache.
    [root@bkjz /]# curl -I www.111cn.net
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05:45:13 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Vary: Accept-Encoding
The X-Powered-By header is gone, so the PHP version is now hidden.
Hide the Apache Version Number
In general, vulnerability information for a piece of software is tied to a specific version, so the version number is valuable to an attacker.
By default, Apache displays its version and module information in the HTTP response headers. If a directory listing is shown, the domain name information is also displayed in the body of the file list. For example:
    [root@localhost tmp]# curl -I 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, 13:09:33 GMT
    Server: Apache/2.2.15 (CentOS)
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=utf-8
How to hide it:
1. The Apache version number is hidden by editing the Apache configuration file. On Red Hat Linux systems the default location is:
    vim /etc/httpd/conf/httpd.conf
Search for the keywords ServerTokens and ServerSignature and change them as follows:
Change "ServerTokens OS" to "ServerTokens ProductOnly"
Change "ServerSignature On" to "ServerSignature Off"
2. Restart or reload Apache for the change to take effect.
    apachectl restart
Test it as follows:
    [root@localhost tmp]# curl -I 192.168.80.128:88
    HTTP/1.1 403 Forbidden
    Date: Wed, 13:23:22 GMT
    Server: Apache
    Accept-Ranges: bytes
    Content-Length: 5043
    Connection: close
    Content-Type: text/html; charset=utf-8
The version number and operating system information are now hidden.
3. The method above applies to a default Apache installation. If Apache is compiled and installed from source, you can also modify the source code before compiling:
Enter the include directory of the Apache source tree and edit the file ap_release.h. You will see the following definitions:
    #define AP_SERVER_BASEVENDOR "Apache Software Foundation"
    #define AP_SERVER_BASEPROJECT "Apache HTTP Server"
    #define AP_SERVER_BASEPRODUCT "Apache"
    #define AP_SERVER_MAJORVERSION_NUMBER 2
    #define AP_SERVER_MINORVERSION_NUMBER 2
    #define AP_SERVER_PATCHLEVEL_NUMBER 15
    #define AP_SERVER_DEVBUILD_BOOLEAN 0
You can modify or hide the version number and the name according to your preferences.
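A scripted form of the curl checks above, as an added example that is not part of the original article: the shell function check_banner (a hypothetical name) reads response headers and reports any Server or X-Powered-By header that still discloses a version or operating system. The sample headers are constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article). check_banner is a
# hypothetical helper name. It reads raw HTTP response headers on stdin,
# prints every header that discloses version details, and returns 1 if
# any such header was found (0 if the banner is clean).
check_banner() {
    awk '
    {
        sub(/\r$/, "")                       # strip the CR of CRLF line endings
        name = tolower($0); sub(/:.*/, "", name)
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
    }
    # PHP sends X-Powered-By only while expose_php is On: any value is a leak.
    name == "x-powered-by" { print "LEAK " $0; leaks++; next }
    # Server leaks if it has product/version ("Apache/2.2.15") or an
    # OS comment ("(CentOS)"), i.e. ServerTokens is not ProductOnly.
    name == "server" && (value ~ /\/[0-9]/ || value ~ /\(.*\)/) {
        print "LEAK " $0; leaks++
    }
    END { exit (leaks > 0) }
    '
}

# Constructed sample: the "before" headers from this page plus the PHP header.
sample='HTTP/1.1 403 Forbidden
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.2.13
Content-Type: text/html; charset=utf-8'

printf '%s\n' "$sample" | check_banner || echo "version information exposed"

# Against a server you administer:
#   curl -sI http://192.168.80.128:88 | check_banner
```

The check covers response headers only; the ServerSignature footer appears in the response body of error pages and directory listings.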
I haven't yet found out how to hide the Apache and PHP version numbers under Windows, so I'll update it below.