Home > Backend Development > PHP Tutorial > How to hide the version numbers of Nginx or Apache and PHP

How to hide the version numbers of Nginx or Apache and PHP

WBOY
Release: 2016-07-29 09:08:01
Original
959 people have browsed it

When a hacker invades a server, he will first "step in". The "step in" here refers to knowing the details of some services running in the server, such as: version number. When the hacker knows the version number of the corresponding service, , you can look for some vulnerabilities in the corresponding version of the service to invade and attack, so we need to hide these version numbers to avoid some unnecessary problems

Let’s test it

insoz:~ insoz$ curl -I http://127.0.0.1/phpinfo.php
HTTP/1.1 200 OK
Server: nginx/1.5.0
Date: Thu, 18 Jun 2015 02:39:32 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.1
Copy after login

You can see our server nginx and php The versions are all exposed. Let’s take a look at the hiding method

First, let’s look at the method of hiding the version number in nginx:
In the nginx configuration file nginx.conf, add the following code

server_tokens off;
Copy after login

The method of hiding the version number in apache :
In the apache configuration file httpd.conf, add the following code

ServerTokens Prod
ServerSignature Off
Copy after login

Let’s look at how to hide the version number in php:
In the php configuration file php.ini, add the following code

expose_php = Off
Copy after login

Okay, After the modification is completed, restart the service and let’s test it again:

insoz:~ insoz$ curl -I http://127.0.0.1//phpinfo.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Jun 2015 02:41:47 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Copy after login

The above introduces the method of hiding the version number of Nginx or Apache and PHP, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template