How To Hide Apache and PHP Version from HTTP Headers

    RahulBy 2 Mins ReadUpdated:

    Website security is the most important and critical component of web hosting. The cyber attacks may damage your application. This tutorial will help you to hide Apache/PHP version details from end-users. Before making the change first use below command to view what information server sending an HTTP header.

    Step 1 – Check Header Details

    You can use curl or wget command to fech head details of any website via command line.

    wget --server-response --spider http://example.com/index.php

    Note the above details and keep for comparing later. Let’s follow the steps to hide details.

    Step 2 – Hide Apache Server Details

    First of all, find and edit Apache configuration file on your system. The Apache configuration file can be find at the following location.

    Configuration Files

    • CentOS/Fedora/Redhat – /etc/httpd/conf/httpd.conf
    • Ubuntu/Debian/Linuxmint – /etc/apache2/conf-enabled/security.conf

    Setup ServerTokens Directive

    The ServerTokens directive controls whether Server response header field which is sent back to clients includes the generic OS details.

    There are following options can be configured with the response values when using that. Use one of below on basis of the server.

    ServerTokens Prod    # Server sends (e.g.): Server: Apache

    click here for more option’s to use with ServerTockens directive

    Setup ServerSignature Directive

    The ServerSignature configures the footer on server-generated documents. Edit Apache configuration file and search ServerSignature directive and update it. Read More about ServerSignature

    ServerSignature  Off

    Step 3 – Hide PHP Version

    By Default PHP installation exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (Eg:, X-Powered-By: PHP/7.2.0-2+ubuntu16.04.1+deb.sury.org+2). Read More

    Configuration File-

    • CentOS/Fedora/Redhat – /etc/php.ini
    • Ubuntu/Debian/Linuxmint – /etc/php/7.2/apache2/php.ini

    To hide this values from header edit php.ini and update below directive to Off

    expose_php = Off

    Step 4 – Reload Apache and Verify Settings

    Restart Apache server to reload changes.

    sudo sytemctl restart httpd.service        ## Redhat systems 
sudo sytemctl restart apache2.service      ## Debian systems

    You have made the necessary changes in your server. Now again use below command after making all changes and compare the output with earlier results.

    wget --server-response --spider http://example.com/index.php

    Share.

    Related Posts

    5 Comments

    4. Website Design Oakville on

      Pretty nice post. I discovered your weblog and
      wished to say just
      that I’ve really enjoyed surfing around your blog
      posts. In any full case
      I’m going to be subscribing to your rss feed (hopefully I could find it) and I am hoping
      you soon write again very!

      Reply
    5. f 3 r y on

      hi how can i remove server header complete when using ServerTokens Prod its set server header to Apache!! i want to remove this or replace that.
      thanks for your nice site.

      Reply

    Leave A Reply