Web servers installed with default settings usually leak information about the software they run, and PHP is one source of that leakage. PHP is one of the most popular server-side, HTML-embedded languages today, and many attackers will try to find vulnerabilities on your server. Therefore, I will briefly describe how to hide PHP version information on a Linux server.
expose_php is enabled by default. Turning off the "expose_php" parameter allows PHP to hide its version information.
[root@centos66 ~]# vi /etc/php.ini
In your php.ini, locate the line containing expose_php and set On to Off:
expose_php = Off
Before the change, the web server response headers look like this:
[root@centos66 ~]# curl -I http://www.ehowstuff.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.ehowstuff.com/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
Make the change and restart the web service. After that, PHP will no longer display its version in the response headers:
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: http://www.ehowstuff.com/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
LCTT translation annotation: In addition to the PHP version, the web server itself will also leak its version number by default. If you use an Apache server, please refer to this article to turn off the Apache version display; if you use an Nginx server, please add the server_tokens off; configuration in the http section. Please remember to restart the related services after the above modifications.
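To confirm that both settings above (expose_php and server_tokens) took effect, the header check can be scripted. This is an added example, not part of the original article; the function name check_header_leaks is hypothetical, and it reads raw response headers on standard input.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads raw HTTP response headers on stdin, e.g. the output of `curl -sI URL`.
# Prints one "LEAK ..." line per header that discloses software versions.
# Exit status: 1 if at least one leak was found, 0 if the headers are clean.
check_header_leaks() (
    # The body runs in a subshell, so these variables stay private.
    cr=$(printf '\r')
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                  # headers on the wire end in CRLF
        case "$line" in
            *:*) ;;                         # looks like "Name: value"
            *) continue ;;                  # status line or blank line
        esac
        name=${line%%:*}
        value=${line#*:}
        value=${value# }
        # Header names are case-insensitive, so compare in lower case.
        case "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" in
            x-powered-by)
                # With expose_php = Off, PHP does not send this header at all.
                echo "LEAK $name: $value"
                found=1 ;;
            server)
                # With server_tokens off, nginx sends "nginx" without "/x.y.z".
                case "$value" in
                    */[0-9]*)
                        echo "LEAK $name: $value"
                        found=1 ;;
                esac ;;
        esac
    done
    exit "$found"
)

# Typical use against a live server:
#   curl -sI http://www.ehowstuff.com/ | check_header_leaks
```

Because the function exits non-zero when a leak is present, it can be dropped into a deployment or monitoring job that fails when a default configuration is reintroduced.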