Summary of methods to hide PHP version and apache version

Home

Backend Development

PHP Tutorial

Summary of methods to hide PHP version and apache version_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 13, 2016 am 10:47 AM

apache php and use Discover Can tool Summarize method check Version of Related hide

Today I discovered that you can use webmaster tools or some related tools to directly check the php version number and apache version number used by the server. This is very unsafe for the website. If there is a problem with these versions, some people can It’s done directly. Let’s take a look at the method of hiding the version. Unfortunately, I haven’t found a solution yet under Windows.

Hide PHP version

For security reasons, it is best to hide the PHP version to avoid some attacks caused by PHP version vulnerabilities.

1. Hiding the PHP version means hiding the information "X-Powered-By: PHP/5.2.13".

The method is very simple:

Edit the php.ini configuration file, modify or add: expose_php = Off After saving, restart the corresponding web server such as Nginx or Apache.

The code is as follows

Copy code

代码如下	复制代码
[root@bkjz /]# curl -I www.bKjia.c0m HTTP/1.1 200 OK Server: nginx Date: Tue, 20 Jul 2010 05:45:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding

[root@bkjz /]# curl -I www.bKjia.c0m

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 20 Jul 2010 05:45:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive

Vary: Accept-Encoding

The PHP version has been completely hidden.

Hide Apache version number

代码如下	复制代码
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:09:33 GMT Server: Apache/2.2.15 (CentOS) Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Generally, software vulnerability information is related to a specific version, so the software version number is very valuable to attackers.

代码如下	复制代码
vim /etc/httpd/conf/httpd.conf

By default, the system will display all Apache version modules (http returns header information). If a directory is listed, the domain name information (text of the file list) will be displayed, such as:

The code is as follows

Copy code

[root@localhost tmp]# curl -I 192.168.80.128:88

HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:09:33 GMT Server: Apache/2.2.15 (CentOS)

Accept-Ranges: bytes

Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Hide method:

代码如下	复制代码
apachectl restart

1. The way to hide the Apache version number is to modify the Apache configuration file. For example, the default for RedHat Linux is:

The code is as follows

Copy code

vim /etc/httpd/conf/httpd.conf

代码如下	复制代码
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:23:22 GMT Server: Apache Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

Search for the keywords ServerTokens and ServerSignature respectively, modify: ServerTokens OS is modified to ServerTokens ProductOnly ServerSignature On is changed to ServerSignature Off 2. Just restart or reload Apache.

The code is as follows	Copy code
apachectl restart

Test it as follows:

The code is as follows	Copy code
[root@localhost tmp]# curl -I 192.168.80.128:88 HTTP/1.1 403 Forbidden Date: Wed, 21 Jul 2010 13:23:22 GMT Server: Apache Accept-Ranges: bytes Content-Length: 5043 Connection: close Content-Type: text/html; charset=UTF-8

The version number and operating system information have been hidden.

3. The above method is for Apache installed by default. If it is compiled and installed, you can also use the method of modifying the source code to compile:

Go to the include directory under the Apache source code directory, and then edit the ap_release.h file. You will see the following variables:

#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 15
#define AP_SERVER_DEVBUILD_BOOLEAN 0

The code is as follows

代码如下

复制代码

#define AP_SERVER_BASEVENDOR “Apache Software Foundation”
#define AP_SERVER_BASEPROJECT “Apache HTTP Server”
#define AP_SERVER_BASEPRODUCT “Apache”

#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 15
#define AP_SERVER_DEVBUILD_BOOLEAN 0

Copy code

#define AP_SERVER_BASEVENDOR “Apache Software Foundation”
#define AP_SERVER_BASEPROJECT “Apache HTTP Server”
#define AP_SERVER_BASEPRODUCT “Apache”

true

http: //www.bkjia.com/PHPjc/632828.html

TechArticleToday I found that using webmaster tools or some related tools can directly check the php version number and apache used by the server version number, this is very unsafe for the website, if this...

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

1 months ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7642

CakePHP Tutorial

1392

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

150

Related knowledge

Recommended essential software for currency contract parties Apr 21, 2025 pm 11:21 PM

The top ten cryptocurrency contract exchange platforms in 2025 are: 1. Binance Futures, 2. OKX Futures, 3. Gate.io, 4. Huobi Futures, 5. BitMEX, 6. Bybit, 7. Deribit, 8. Bitfinex, 9. CoinFLEX, 10. Phemex, these platforms are widely recognized for their high liquidity, diversified trading functions and strict security measures.

Recommend several apps to buy mainstream coins in 2025 latest release Apr 21, 2025 pm 11:54 PM

APP software that can purchase mainstream coins includes: 1. Binance, the world's leading, large transaction volume and fast speed; 2. OKX, innovative products, low fees, high security; 3. Gate.io, a variety of assets and trading options, focusing on security; 4. Huobi (HTX), low fees, good user experience; 5. Coinbase, suitable for novices, high security; 6. Kraken, safe and compliant, providing a variety of services; 7. KuCoin, low fees, suitable for professional traders; 8. Gemini, emphasizes compliance, and provides custodial services; 9. Crypto.com, providing a variety of offers and services; 10. Bitstamp, an old exchange, strong liquidity,

Ranking of leveraged exchanges in the currency circle The latest recommendations of the top ten leveraged exchanges in the currency circle Apr 21, 2025 pm 11:24 PM

The platforms that have outstanding performance in leveraged trading, security and user experience in 2025 are: 1. OKX, suitable for high-frequency traders, providing up to 100 times leverage; 2. Binance, suitable for multi-currency traders around the world, providing 125 times high leverage; 3. Gate.io, suitable for professional derivatives players, providing 100 times leverage; 4. Bitget, suitable for novices and social traders, providing up to 100 times leverage; 5. Kraken, suitable for steady investors, providing 5 times leverage; 6. Bybit, suitable for altcoin explorers, providing 20 times leverage; 7. KuCoin, suitable for low-cost traders, providing 10 times leverage; 8. Bitfinex, suitable for senior play

Which Bitcoin futures exchange is global? Apr 21, 2025 pm 11:18 PM

The top five Bitcoin futures exchanges rankings are: 1. CME Group: The most trustworthy in the world, attracting institutional investors, and have strong compliance; 2. Coinbase: Specially for retail investors, providing 13 futures contracts, with high ease of use; 3. Binance: High leverage, good liquidity, and large user volume; 4. OKX: Large cumulative trading volume, professional interface, and complete risk management; 5. Kraken: High security, suitable for European market and institutional customers.

Currency Circle Contract Trading Platform Ranking 2025 Apr 21, 2025 pm 11:15 PM

Here are the top ten cryptocurrency futures exchanges in the world: 1. Binance Futures: Provides a wealth of contract products, low fees and high liquidity. 2. OKX: Supports multiple currency transactions, using SSL encryption and cold wallet storage. 3. Huobi Futures: Known for its stable platform and good service, it provides educational resources. 4. Gate.io: Innovative contract products and high liquidity, but FTX was bankrupt. 5. Deribit: Focus on options and perpetual contracts, providing professional trading tools. 6. CoinFLEX: Provides tokenized futures contracts and governance tokens FLEX. 7. Phemex: up to 100 times leverage, low transaction fees, and provides innovative contracts. 8. B

Ouyi Ouyi Ouyi Ouix Ouyi Global Station Login Home Page Apr 21, 2025 pm 11:57 PM

Ouyi OKX is the world's leading digital asset trading platform. 1) Its development history includes: it will be launched in 2017, the Chinese name "Ouyi" will be launched in 2021, and it will be renamed Ouyi OKX in 2022. 2) Core services include: trading services (coin, leverage, contracts, DEX, fiat currency trading) and financial services (Yubibao, DeFi mining, lending). 3) The platform's special functions include: market data services and risk control system. 4) Core advantages include: technical strength, security system, service support and market coverage.

The best cryptocurrency exchanges in the world in 2025: Top recommendations Apr 21, 2025 pm 10:39 PM

The best cryptocurrency exchanges in the world in 2025 are: 1. Binance, 2. Coinbase, 3. OkX, 4. Kraken, 5. KuCoin, 6. Bitget, 7. Bybit, 8. Gemini, 9. Crypto.com, 10. MEXC Matcha Exchange, these exchanges perform well in security, user experience, trading fees, currency selection, trading functions, compliance, innovation capabilities and global coverage, and are suitable for investors with different needs.

Quantum Chain Exchange Ranking Top 10 Recommended (Updated in 2025) Apr 21, 2025 pm 11:48 PM

Quantum chains can be traded on the following exchanges: 1. Binance: One of the world's largest exchanges, with large trading volume, rich currency and high security. 2. Sesame Open Door (Gate.io): a large exchange, providing a variety of digital currency transactions, with good trading depth. 3. Ouyi (OKX): operated by OK Group, with strong comprehensive strength, large transaction volume, and complete safety measures. 4. Bitget: Fast development, provides quantum chain transactions, and improves security. 5. Bithumb: operated in Japan, supports transactions of multiple mainstream virtual currencies, and is safe and reliable. 6. Matcha Exchange: a well-known exchange with a friendly interface and supports quantum chain trading. 7. Huobi: a large exchange that provides quantum chain trading,

See all articles