Here is how to hide your apache & php versions:
1- Login to your linux server as previliged user.
2- Open apache configuration file
# vi /etc/httpd/httpd.conf
2- Look for "ServerSignature" and change it to Off:
ServerSignature Off
3- Exit vi (by ctrl + x).
4- Open php configuration file:
# vi /etc/php.ini
5- Look for expose_php and set it to Off:
expose_php Off
6- Exit editor (ctrl + x)
7- Restart apache
# service httpd restart
* Its better to set ServerTokens to Prod as well in httpd.conf (originally it would be set to "OS").
** applies to redhat linux , fedora, centos etc.
No comments:
Post a Comment