Menu

How to Hide Apache and PHP Version

Written by , Updated on January 12, 2018
Security, Web Servers , ,

This article will help you to hide Apache/PHP version details from end users. Before making the change first use below command to view that what information server sending an HTTP header.

wget --server-response --spider http://example.com/index.php

Note the above details and keep for comparing later. Let’s follow the steps to hide details.

1. Hide Apache Server Information

Configuration Files-

  • CentOS/Fedora/Redhat – /etc/httpd/conf/httpd.conf
  • Ubuntu/Debian/Linuxmint – /etc/apache2/conf-enabled/security.conf

Setup ServerTokens Directive:

The ServerTokens directive controls whether Server response header field which is sent back to clients includes the generic OS details.

There are following options can be configured with the response values when using that. Use one of below on basis of the server.

ServerTokens Prod    # Server sends (e.g.): Server: Apache

click here for more option’s to use with ServerTockens directive

Setup ServerSignature Directive

The ServerSignature configures the footer on server-generated documents. Edit Apache configuration file and search ServerSignature directive and update it. Read More about ServerSignature

ServerSignature  Off

2. Hide PHP Version

By Default PHP installation exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (Eg:, X-Powered-By: PHP/7.2.0-2+ubuntu16.04.1+deb.sury.org+2). Read More

Configuration File-

  • CentOS/Fedora/Redhat – /etc/php.ini
  • Ubuntu/Debian/Linuxmint – /etc/php/7.2/apache2/php.ini

To hide this values from header edit php.ini and update below directive to Off

expose_php = Off

3. Restart Apache and Verify Changes

Restart Apache server to reload changes.

sudo sytemctl restart httpd.service        ## Redhat systems 
sudo sytemctl restart apache2.service      ## Debian systems

You have made necessary changes in your server. Now again use below command after making all changes and compare the output with earlier results.

wget --server-response --spider http://example.com/index.php

Rahul K.
Rahul K.
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

Related Posts

2 Comments

  1. Website Design Oakville Reply to Website
    October 18, 2018 at 1:57 am

    Pretty nice post. I discovered your weblog and
    wished to say just
    that I’ve really enjoyed surfing around your blog
    posts. In any full case
    I’m going to be subscribing to your rss feed (hopefully I could find it) and I am hoping
    you soon write again very!

  2. f 3 r y Reply to f
    October 21, 2014 at 9:21 pm

    hi how can i remove server header complete when using ServerTokens Prod its set server header to Apache!! i want to remove this or replace that.
    thanks for your nice site.

Leave a Reply

All rights reserved. © 2013-2018 TecAdmin.net. This site uses cookies. By using this website you agree our term and services