How to hide PHP version in Linux server

Usually, most web servers installed with default settings have information leakage, and one of them is PHP. PHP is one of the most popular server-side HTML embedded languages ​​today. In these challenging times, there are many attackers who will try to find vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information in a Linux server.

expose_php is enabled by default. Turning off the "expose_php" parameter allows PHP to hide its version information.

[root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line containing expose_php and set On to Off:

expose_php = Off

Before this , the web server header looks like this:

[root@centos66 ~]# curl -I http://www.ehowstuff.com/

HTTP/1.1 200 OK

Server: nginx

Content- Type: text/html; charset=UTF-8

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

X-Pingback: http://www.ehowstuff.com/xmlrpc.php

Date: Wed, 11 Feb 2015 14:10:43 GMT

X-Page-Speed: 1.9.32.2-4321

Cache-Control: max-age=0, no-cache

Change and restart the Web service After that, php will not display the version in the web service header:

HTTP/1.1 200 OK

Server: nginx

Content-Type: text/html; charset=UTF-8

Vary: Accept- Encoding

X-Powered-By: PHP/5.3.3

X-Pingback: http://www.ehowstuff.com/xmlrpc.php

Date: Wed, 11 Feb 2015 14:10:43 GMT

X-Page-Speed: 1.9.32.2-4321

Cache-Control: max-age=0, no-cache

LCTT translation annotation: In addition to the version of PHP, the web server will also leak the version number by default. If you use Apache server, please refer to this article to turn off the Apache version display; if you use Nginx server, please add server_tokens off; configuration in the http section. Please remember to restart related services for the above modifications.