This article mainly introduces the method of hiding the PHP version number on a Linux server, which helps prevent Attackers launch attacks targeting vulnerabilities in the detailed version of PHP. Friends in need can refer to it
Usually, most web servers installed with default settings have information leakage, and one of them is PHP. PHP is one of the most popular server-side HTML embedded languages today. In these challenging times, there are many attackers who will try to find vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP information in a Linux server.
Expose_php is enabled by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
?
|
[root@centos66 ~]# vi /etc/php.ini
|
In your php.ini, locate the line containing expose_php and set On to Off:
?
|
|
Previously, the web server header looked like this:
1 2 3 4 5 6 7 8 9 |
HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Feb 2015 15:38:14 GMT Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age=0, no-cache |
1
|
1
2
3
4
5
6
7
8
9
|
HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding X-Powered-By: PHP/5.3.3 X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age=0, no-cache |
1 2 3 4 5 6 7 8 9 | HTTP/1.1 200 OK Server: nginx Date: Wed, 11 Feb 2015 15:38:14 GMT Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding X-Pingback: http://www.ehowstuff.com/xmlrpc.php Date: Wed, 11 Feb 2015 14:10:43 GMT X-Page-Speed: 1.9.32.2-4321 Cache-Control: max-age=0, no-cache |