How To Hide Apache & PHP Version Information.

How To Hide  Apache & PHP Version Information.

Hi Everyone……

After default installation of Apache and PHP on Linux server it shows sensitive information (Like as OS information, PHP version information, web server name and their Version information,) to remote user.  Hacker can use this information for DDOS attack and some other performance degrades attack.

Let’s take example on my testing machine :–

Here I am using two different commands to check Apache Header

1) curl -I http://test.how2install.in

2) lynx -head -mime_header http://test.how2install.in

How to hide PHP and Apache version information.

 

 

 

 

How to hide PHP and Apache version information-1.

 

 

 

 

Now how to protect your Apache  web server &  PHP version information .

Step:-1

open  /etc/apache2/conf.d/security file and make some changes in default configuration

ServerTokens OS

Now Change It To

ServerTokens Prod

ServerSignature On

Now Change It To

ServerSignature Off

 

Step:2

open /etc/php5/apache2/php.ini file adn make some changes in defalut configuration

expose_php = On

Now Change It To

expose_php = Off

Step:3

Restart Apache services

root@promo:~# /etc/init.d/apache2 restart 
[ OK ]
[ OK ]
root@promo:~#

 Lets check it again and compare it with previous output of Apache header.

How to hide PHP and Apache version information-3

 

 

 

 

In above snapshot remote user only getting the  Apache in output, now your server  doesn’t send version information of Apache & PHP. Now remote user just got the  information you are running Apache web server  but he is not getting which Apache & PHP version you are running on server.

Enjoy……{#moods_dlg.WellDone}

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.