Facebook Twitter Instagram
    TecAdmin
    • Home
    • Ubuntu 20.04
      • Upgrade Ubuntu
      • Install Java
      • Install Node.js
      • Install Docker
      • Install LAMP Stack
    • Tutorials
      • AWS
      • Shell Scripting
      • Docker
      • Git
      • MongoDB
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    Home»Security»How To Hide Apache and PHP Version from HTTP Headers

    How To Hide Apache and PHP Version from HTTP Headers

    RahulBy RahulOctober 7, 20132 Mins ReadUpdated:May 9, 2020

    Website security is the most important and critical component of web hosting. The cyber attacks may damage your application. This tutorial will help you to hide Apache/PHP version details from end-users. Before making the change first use below command to view what information server sending an HTTP header.

    Step 1 – Check Header Details

    You can use curl or wget command to fech head details of any website via command line.

    wget --server-response --spider http://example.com/index.php
    

    Note the above details and keep for comparing later. Let’s follow the steps to hide details.

    Step 2 – Hide Apache Server Details

    First of all, find and edit Apache configuration file on your system. The Apache configuration file can be find at the following location.

    Configuration Files

    • CentOS/Fedora/Redhat – /etc/httpd/conf/httpd.conf
    • Ubuntu/Debian/Linuxmint – /etc/apache2/conf-enabled/security.conf

    Setup ServerTokens Directive

    The ServerTokens directive controls whether Server response header field which is sent back to clients includes the generic OS details.

    There are following options can be configured with the response values when using that. Use one of below on basis of the server.

    ServerTokens Prod    # Server sends (e.g.): Server: Apache
    

    click here for more option’s to use with ServerTockens directive

    Setup ServerSignature Directive

    The ServerSignature configures the footer on server-generated documents. Edit Apache configuration file and search ServerSignature directive and update it. Read More about ServerSignature

    ServerSignature  Off
    

    Step 3 – Hide PHP Version

    By Default PHP installation exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (Eg:, X-Powered-By: PHP/7.2.0-2+ubuntu16.04.1+deb.sury.org+2). Read More

    Configuration File-

    • CentOS/Fedora/Redhat – /etc/php.ini
    • Ubuntu/Debian/Linuxmint – /etc/php/7.2/apache2/php.ini

    To hide this values from header edit php.ini and update below directive to Off

    expose_php = Off
    

    Step 4 – Reload Apache and Verify Settings

    Restart Apache server to reload changes.

    sudo sytemctl restart httpd.service        ## Redhat systems 
    sudo sytemctl restart apache2.service      ## Debian systems 
    

    You have made the necessary changes in your server. Now again use below command after making all changes and compare the output with earlier results.

    wget --server-response --spider http://example.com/index.php
    

    Apache apache security Apache Version php security PHP Version
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp
    Previous Article6 Best Free Putty Alternatives for SSH Clients on Windows
    Next Article Create CSR for WildCard SSL on Windows Server 2008

    Related Posts

    How To Install Apache Solr 9.0 on Fedora 36/35

    Updated:May 26, 20223 Mins Read

    How to Install Apache ActiveMQ on Ubuntu 22.04

    3 Mins Read

    How to Install Apache, MySQL, PHP (LAMP Stack) on Ubuntu 22.04

    Updated:June 28, 20225 Mins Read

    How To Disable HTTP Methods in Apache

    Updated:December 31, 20212 Mins Read

    How to Install and Configure Fail2ban on Debian 11

    3 Mins Read

    How To Setup Apache, PHP & MongoDB in Ubuntu & Debian

    Updated:October 8, 20213 Mins Read

    5 Comments

    1. Clinton on April 20, 2021 7:17 am

      Very helpful did the Job in one Go

      Reply
    2. Hitesh Prajapati on August 19, 2020 2:29 pm

      Thanks its helpful for me.

      Reply
    3. Mainul on September 10, 2019 7:20 am

      Very Nice Bro

      Reply
    4. Website Design Oakville on October 18, 2018 1:57 am

      Pretty nice post. I discovered your weblog and
      wished to say just
      that I’ve really enjoyed surfing around your blog
      posts. In any full case
      I’m going to be subscribing to your rss feed (hopefully I could find it) and I am hoping
      you soon write again very!

      Reply
    5. f 3 r y on October 21, 2014 9:21 pm

      hi how can i remove server header complete when using ServerTokens Prod its set server header to Apache!! i want to remove this or replace that.
      thanks for your nice site.

      Reply

    Leave A Reply Cancel Reply

    Recent Posts
    • What is the /etc/aliases file
    • What is the /etc/nsswitch.conf file in Linux
    • How to Install Ionic Framework on Ubuntu 22.04
    • What is the /etc/hosts file in Linux
    • How to Install Angular CLI on Ubuntu 22.04
    Facebook Twitter Instagram Pinterest
    © 2022 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.