Home > Article > Backend Development > PHP/How to hide PHP version in Linux server_PHP tutorial
PHP/How to hide PHP version in Linux server_PHP tutorial
- WBOYOriginal
- 2016-07-13 09:57:35755browse
PHP/How to hide PHP version in Linux server
Usually, most web servers installed with default settings have information leakage, and one of them is PHP. PHP is one of the popular server-side HTML embedded languages today? ). In these challenging times, there are many attackers who will try to find vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information in a Linux server.
Expose_php is enabled by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
[root@centos66 ~]# vi /etc/php.ini
In your php.ini, locate the line containing expose_php and set On to Off:
expose_php = Off
Before this, the web server header looked like this:
[root@centos66 ~]# curl -I http://www.ehowstuff.com/HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding X -Powered-By: PHP/5.3.3 X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT 4321 Cache-Control: max-age=0, no-cache
After changing and restarting the web service, php will no longer display the version in the web service header:
HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding X-Powered-By: PHP/5.3.3 X-Pingback: http://www. ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age=0, no-cache
LCTT translation annotation: In addition to the PHP version, the web server will also leak the version number by default. If you use the Apache server, please refer to this article to turn off the Apache version display; if you use the Nginx server, please add the server_tokens off; configuration in the http section. Please remember to restart related services for the above modifications.
