How to hide the version numbers of Nginx or Apache and PHP

When a hacker invades a server, he will first "step in". The "step in" here refers to knowing the details of some services running in the server, such as: version number. When the hacker knows the version number of the corresponding service, , you can look for some vulnerabilities in the corresponding version of the service to invade and attack, so we need to hide these version numbers to avoid some unnecessary problems

Let’s test it

insoz:~ insoz$ curl -I http://127.0.0.1/phpinfo.php
HTTP/1.1 200 OK
Server: nginx/1.5.0
Date: Thu, 18 Jun 2015 02:39:32 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.1

You can see our server nginx and php The versions are all exposed. Let’s take a look at the hiding method

First, let’s look at the method of hiding the version number in nginx:
In the nginx configuration file nginx.conf, add the following code

server_tokens off;

The method of hiding the version number in apache :
In the apache configuration file httpd.conf, add the following code

ServerTokens Prod
ServerSignature Off

Let’s look at how to hide the version number in php:
In the php configuration file php.ini, add the following code

expose_php = Off

Okay, After the modification is completed, restart the service and let’s test it again:

insoz:~ insoz$ curl -I http://127.0.0.1//phpinfo.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Jun 2015 02:41:47 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding

The above introduces the method of hiding the version number of Nginx or Apache and PHP, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.