Summary of methods to hide PHP version and apache version_PHP tutorial

Today I discovered that you can use webmaster tools or some related tools to directly check the php version number and apache version number used by the server. This is very unsafe for the website. If there is a problem with these versions, some people can It’s done directly. Let’s take a look at the method of hiding the version. Unfortunately, I haven’t found a solution yet under Windows.

Hide PHP version

For security reasons, it is best to hide the PHP version to avoid some attacks caused by PHP version vulnerabilities.

1. Hiding the PHP version means hiding the information "X-Powered-By: PHP/5.2.13".

The method is very simple:

Edit the php.ini configuration file, modify or add: expose_php = Off After saving, restart the corresponding web server such as Nginx or Apache.

The code is as follows

Copy code

代码如下	复制代码
[root@bkjz /]# curl -I www.bKjia.c0m HTTP/1.1 200 OK Server: nginx Date: Tue, 20 Jul 2010 05:45:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding

[root@bkjz /]# curl -I www.bKjia.c0m

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 20 Jul 2010 05:45:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive

Vary: Accept-Encoding

The PHP version has been completely hidden.

Hide Apache version number

代码如下	复制代码
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:09:33 GMT Server: Apache/2.2.15 (CentOS) Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Generally, software vulnerability information is related to a specific version, so the software version number is very valuable to attackers.

代码如下	复制代码
vim /etc/httpd/conf/httpd.conf

By default, the system will display all Apache version modules (http returns header information). If a directory is listed, the domain name information (text of the file list) will be displayed, such as:

The code is as follows	Copy code
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:09:33 GMT Server: Apache/2.2.15 (CentOS) Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Hide method:

代码如下	复制代码
apachectl restart

1. The way to hide the Apache version number is to modify the Apache configuration file. For example, the default for RedHat Linux is:

The code is as follows

Copy code

vim /etc/httpd/conf/httpd.conf

代码如下	复制代码
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:23:22 GMT Server: Apache Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Search for the keywords ServerTokens and ServerSignature respectively, modify: ServerTokens OS is modified to ServerTokens ProductOnly ServerSignature On is changed to ServerSignature Off 2. Just restart or reload Apache.

The code is as follows	Copy code
apachectl restart

Test it as follows:

The code is as follows	Copy code
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:23:22 GMT Server: Apache Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

The version number and operating system information have been hidden.

3. The above method is for Apache installed by default. If it is compiled and installed, you can also use the method of modifying the source code to compile:

Go to the include directory under the Apache source code directory, and then edit the ap_release.h file. You will see the following variables:

#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 15
#define AP_SERVER_DEVBUILD_BOOLEAN 0

The code is as follows

代码如下	复制代码
#define AP_SERVER_BASEVENDOR “Apache Software Foundation” #define AP_SERVER_BASEPROJECT “Apache HTTP Server” #define AP_SERVER_BASEPRODUCT “Apache” #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 2 #define AP_SERVER_PATCHLEVEL_NUMBER 15 #define AP_SERVER_DEVBUILD_BOOLEAN 0

Copy code

#define AP_SERVER_BASEVENDOR “Apache Software Foundation”
#define AP_SERVER_BASEPROJECT “Apache HTTP Server”
#define AP_SERVER_BASEPRODUCT “Apache”

You can modify or hide the version number and name according to your own preferences. I haven’t found a way to hide the Apache and PHP version numbers under Windows yet. I will update it below if I find it. http://www.bkjia.com/PHPjc/632828.htmlwww.bkjia.com

true

http: //www.bkjia.com/PHPjc/632828.html

TechArticleToday I found that using webmaster tools or some related tools can directly check the php version number and apache used by the server version number, this is very unsafe for the website, if this...