This article will help you to hide Apache/PHP version details from end users. Before making the change first use below command to view that what information server sending an HTTP header.
wget --server-response --spider http://example.com/index.php
Note the above details and keep for comparing later. Let’s follow the steps to hide details.
1. Hide Apache Server Information
Configuration Files-
- CentOS/Fedora/Redhat – /etc/httpd/conf/httpd.conf
- Ubuntu/Debian/Linuxmint – /etc/apache2/conf-enabled/security.conf
Setup ServerTokens Directive:
The
There are following options can be configured with the response values when using that. Use one of below on basis of the server.
ServerTokensProd # Server sends (e.g.): Server: Apache
click here for more option’s to use with ServerTockens directive
Setup ServerSignature Directive
The
ServerSignatureOff
2. Hide PHP Version
By Default PHP installation exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header (Eg:, X-Powered-By: PHP/7.2.0-2+ubuntu16.04.1+deb.sury.org+2). Read More
Configuration File-
- CentOS/Fedora/Redhat – /etc/php.ini
- Ubuntu/Debian/Linuxmint – /etc/php/
7.2 /apache2/php.ini
To hide this values from header edit php.ini and update below directive to Off
expose_php =Off
3. Restart Apache and Verify Changes
Restart Apache server to reload changes.
sudo sytemctl restart httpd.service ## Redhat systems sudo sytemctl restart apache2.service ## Debian systems
You have made necessary changes in your server. Now again use below command after making all changes and compare the output with earlier results.
wget --server-response --spider http://example.com/index.php
hi how can i remove server header complete when using ServerTokens Prod its set server header to Apache!! i want to remove this or replace that.
thanks for your nice site.