Website security is the most important and critical component of web hosting. Cyber attacks may damage your application. This tutorial will help you hide Apache and PHP version details from end users. Before making any changes, use the command below to see what information the server sends in its HTTP headers.
Step 1 – Check Header Details
You can use the curl or wget command to fetch the header details of any website from the command line.
wget --server-response --spider http://example.com/index.php
Note the above details and keep them for comparison later. Let’s follow the steps to hide these details.
Step 2 – Hide Apache Server Details
First, find and edit the Apache configuration file on your system. The Apache configuration file can be found at the following locations.
Configuration Files
- CentOS/Fedora/Redhat – /etc/httpd/conf/httpd.conf
- Ubuntu/Debian/Linuxmint – /etc/apache2/conf-enabled/security.conf
Setup ServerTokens Directive
The
The following options can be configured, shown with the response value each one produces. Use one of them as appropriate for your server.
ServerTokens Prod # Server sends (e.g.): Server: Apache
Setup ServerSignature Directive
The
ServerSignature Off
Step 3 – Hide PHP Version
By default, a PHP installation exposes to the world that PHP is installed on the server, including the PHP version in the HTTP header (e.g., X-Powered-By: PHP/7.2.0-2+ubuntu16.04.1+deb.sury.org+2).
Configuration Files
- CentOS/Fedora/Redhat – /etc/php.ini
- Ubuntu/Debian/Linuxmint – /etc/php/7.2/apache2/php.ini
To hide this value from the header, edit php.ini and set the directive below to Off.
expose_php = Off
Step 4 – Reload Apache and Verify Settings
Restart the Apache server to load the changes.
sudo systemctl restart httpd.service ## Redhat systems
sudo systemctl restart apache2.service ## Debian systems
You have made the necessary changes on your server. Now run the command below again and compare the output with the earlier results.
wget --server-response --spider http://example.com/index.php
5 Comments
Very helpful did the Job in one Go
Thanks, it’s helpful for me.
Very Nice Bro
Pretty nice post. I discovered your weblog and wished to say just that I’ve really enjoyed surfing around your blog posts. In any full case I’m going to be subscribing to your rss feed (hopefully I could find it) and I am hoping you soon write again very!
Hi, how can I remove the server header completely? When using ServerTokens Prod it sets the server header to Apache!! I want to remove this or replace that.
Thanks for your nice site.