Home > Article > Backend Development > How to hide the Apache version in PHP+Apache environment to avoid being attacked

How to hide the Apache version in PHP+Apache environment to avoid being attacked

php中世界最好的语言Original: 2017-12-20 16:33:281573browse

We know that many attacks on servers are targeted attacks based on software versions, so if you install is Apache, it is very necessary to hide its version number, which can also reduce hidden dangers. a method.

How to hide? The method to hide the Apache version number is actually very simple. Just set ServerTokensProd and ServerSignatureOff in httpd.conf.

By default, the system will display all Apache version modules (http returns header information).

If the directory is listed, the domain name information (file list text) will be displayed, such as:

[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:09:33 GMT Server: Apache/2.2.15 (CentOS) Accept-Ranges: bytes Content-Length: 5043 Connection: close Content- Type: text/html; charset=UTF-8

When you open a file that does not exist or is restricted, the version number of the apache you are using will be displayed at the bottom of the page.

Change the configuration file of apache, find the ServerTokens and ServerSignature directives, modify the default properties; find the httpd.conf file in your apache installation directory and open it, then Operate as follows:

#The default value of ServerTokensFull is FullServerTokensProd

#The default value of ServerSignatureOn is OnServerSignatureOff

Finally, just restart apache. Of course, if you do not find these two values You can add it yourself at the end of the file (confirm that it does not exist before adding it yourself).

# I believe you have mastered the methods after reading these cases. For more exciting information, please pay attention to other related articles on the php Chinese website!

How to hide the Apache version in PHP+Apache environment to avoid being attacked

Related articles