Hide the version information of Apache and PHP. A web server avoids unnecessary trouble by not advertising its Apache and PHP versions.
Hide Apache version information
Edit /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf and set:
ServerTokens ProductOnly
ServerSignature Off
Restart Apache.
Now I only see the following in the HTTP header:
Server: Apache
Hide PHP version
In php.ini, find
expose_php = On
and change it to
expose_php = Off
After restarting Apache, the PHP version no longer appears in the HTTP headers.
Detailed explanation:
What should be done to keep people with ulterior motives from peering into our server?
Let's look at the two relevant directives, ServerTokens and ServerSignature. Controlling these two switches should help. For example, we can write this in the configuration file:
ServerTokens Prod
ServerSignature Off
ServerTokens
Controls whether the server, when responding to client requests, discloses important system information such as the operating system type or built-in modules. The default value set globally in the main configuration file is "Full" (ServerTokens Full), so if your Linux distribution has not changed it, all sensitive information about your system is disclosed to the world. For example, RHEL changes the value to "ServerTokens OS", while Debian keeps the default "Full".
Taking apache-2.0.55 as an example, the value can be set to one of the following (followed by the corresponding Server banner header):
Prod >>> Server: Apache
Major >>> Server: Apache/2
Minor >>> Server: Apache/2.0
Minimal >>> Server: Apache/2.0.55
OS >>> Server: Apache/2.0.55 (Debian)
Full (or not specified) default >>> Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
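The table above can be turned into a quick check. The following is an added example (not part of the original post): it takes a captured HTTP response header block, for instance the output of `curl -sI`, infers which ServerTokens level produced the Server banner, and flags the PHP exposure that expose_php controls. The two sample responses are constructed for offline use.

```python
import re

# Banner shapes from the ServerTokens table, checked from most to least verbose.
LEVEL_PATTERNS = [
    ("Full",    re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]*\) \S+")),
    ("OS",      re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]*\)$")),
    ("Minimal", re.compile(r"^Apache/\d+\.\d+\.\d+$")),
    ("Minor",   re.compile(r"^Apache/\d+\.\d+$")),
    ("Major",   re.compile(r"^Apache/\d+$")),
    ("Prod",    re.compile(r"^Apache$")),
]

def parse_headers(raw):
    """Turn a raw header block into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line:
            continue  # status line or blank separator
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers

def infer_server_tokens(raw):
    """Return (level, findings): the inferred ServerTokens level, or None for a
    non-Apache banner, plus a list of things a hardening review would flag."""
    headers = parse_headers(raw)
    server = headers.get("server", "")
    level = next((name for name, pat in LEVEL_PATTERNS if pat.match(server)), None)
    findings = []
    if level is None and server:
        findings.append("non-Apache or unrecognised Server banner: " + server)
    elif level not in ("Prod", None):
        findings.append("ServerTokens exposes version detail: " + server)
    # PHP sends its own X-Powered-By header while expose_php is On.
    if "php" in headers.get("x-powered-by", "").lower():
        findings.append("expose_php is On: " + headers["x-powered-by"])
    if "php" in server.lower():
        findings.append("Apache banner lists the PHP module version")
    return level, findings

# Constructed sample responses (not real captures), before and after hardening.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b\r\n"
          "X-Powered-By: PHP/5.1.2-1+b1\r\n"
          "Content-Type: text/html\r\n\r\n")
AFTER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, *infer_server_tokens(raw))
```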
ServerSignature
Controls the information shown in the footer of server-generated pages (error messages, mod_proxy FTP directory listings, etc.).
It can be set in the global configuration file or through an .htaccess file.
The default is "Off" (ServerSignature Off), but some Linux distributions turn it on; Debian, for example, enables it on the default virtual host.
A setting in a virtual host or directory block overrides the global value, so make sure no such override turns it back on.