Wednesday, October 19, 2011

hide apache & php

Here is how to hide your apache & php versions:

1-  Login to your linux server as previliged user.

2- Open apache configuration file
# vi /etc/httpd/httpd.conf


2- Look for "ServerSignature" and change it to Off:
    ServerSignature Off

3- Exit vi (by ctrl + x).

4- Open php configuration file:
# vi /etc/php.ini

5- Look for expose_php and set it to Off:
    expose_php Off

6- Exit editor (ctrl + x)

7- Restart apache
# service httpd restart

* Its better to set ServerTokens to Prod as well in httpd.conf (originally it would be set to "OS").

**  applies to redhat linux , fedora, centos etc.



No comments:

Post a Comment