When an attacker targets a server, the first thing they do is "step in". Here, "step in" means learning the details of the services running on the server, such as their version numbers. Once the attacker knows the version number of a service, they can look for vulnerabilities in that version of the service to use in an attack, so we need to hide these version numbers to avoid unnecessary problems.
Let’s test it:
insoz:~ insoz$ curl -I http://127.0.0.1/phpinfo.php
HTTP/1.1 200 OK
Server: nginx/1.5.0
Date: Thu, 18 Jun 2015 02:39:32 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.1
You can see that the versions of both nginx and PHP on our server are exposed. Let’s take a look at how to hide them.
First, let’s look at the method of hiding the version number in nginx:
In the nginx configuration file nginx.conf, add the following code
server_tokens off;
The method of hiding the version number in Apache:
In the Apache configuration file httpd.conf, add the following code
ServerTokens Prod
ServerSignature Off
Let’s look at how to hide the version number in PHP:
In the PHP configuration file php.ini, add the following code
expose_php = Off
Okay, after the modification is completed, restart the services and let’s test it again:
insoz:~ insoz$ curl -I http://127.0.0.1//phpinfo.php
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Jun 2015 02:41:47 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
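To repeat this check without reading the headers by eye, the shell function below (an added example, not part of the original article) reads response headers on standard input and reports any Server or X-Powered-By header that still discloses version information. The function and sample names are made up for this example, and the embedded header sets are taken from the two curl runs above.

```shell
#!/bin/sh
# Added example: flag response headers that still disclose software versions.
# Reads raw HTTP response headers on stdin, e.g.:
#   curl -sI http://127.0.0.1/phpinfo.php | check_version_leak
# Prints one line per finding; exit status 1 if anything leaks, 0 if clean.
check_version_leak() {
    awk '
    { sub(/\r$/, "") }                  # header lines from curl end in CRLF
    {
        # Header names are case-insensitive, so compare in lower case
        name = tolower($0); sub(/:.*/, "", name)
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
    }
    # Server: a product token followed by "/<digit>" exposes the version
    # (nginx/1.5.0, Apache/2.4, ...); "nginx" or "Apache" alone passes
    name == "server" && value ~ /\/[0-9]/ {
        print "LEAK Server: " value; bad = 1
    }
    # expose_php = Off removes X-Powered-By, so its presence is a finding
    name == "x-powered-by" {
        print "LEAK X-Powered-By: " value; bad = 1
    }
    END { exit bad + 0 }
    '
}

# Header sets from the two curl runs on this page, embedded so the
# example runs offline (Date, Connection and Vary omitted for brevity)
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx/1.5.0' \
        'Content-Type: text/html' 'X-Powered-By: PHP/5.3.1'
}
sample_after() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
        'Content-Type: text/html'
}

sample_before | check_version_leak || echo "before: version information disclosed"
sample_after  | check_version_leak && echo "after: no version information in headers"
```

The same function works against an Apache server, since every ServerTokens setting other than Prod puts a version after the product name.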
That covers how to hide the version numbers of Nginx, Apache and PHP. I hope it will be helpful to readers who are interested in PHP tutorials.