Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By

Hiding and modifying Apache server information


Fortunately, such data can easily be hidden or modified by changing the ServerSignature and ServerTokens directives.

ServerSignature

ServerSignature configures the footer on server-generated documents, for example a 404 error page. In normal use it is better to hide the whole signature by adding or modifying the following row in the httpd.conf or apache.conf file:

ServerSignature Off

ServerTokens

ServerTokens configures the Server HTTP response header. The ServerTokens directive options are the following (add or modify the row in httpd.conf or apache.conf):

Prod or ProductOnly – Server sends (e.g.): Server: Apache
ServerTokens Prod

Major – Server sends (e.g.): Server: Apache/2
ServerTokens Major

Minor – Server sends (e.g.): Server: Apache/2.2
ServerTokens Minor

Min or Minimal – Server sends (e.g.): Server: Apache/2.2.4
ServerTokens Min

OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)
ServerTokens OS

Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
ServerTokens Full

The ServerTokens setting applies to the entire server and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

Hide PHP version (X-Powered-By)

Hiding the PHP version (X-Powered-By) is easy. Add or modify the following row in the php.ini file:
expose_php = Off
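
To verify the three settings after reloading Apache, the added example below (not from the original post) takes a raw HTTP response, maps the Server header to the ServerTokens level it matches, and reports a remaining X-Powered-By header or signature footer. The function names, the host example.test and both sample responses are constructed for illustration; the leaky sample combines all three leaks in one response for brevity.

```python
import re

# Server header shape for each ServerTokens level listed above, most verbose first.
LEVELS = [
    ("Full", r"Apache/\d+\.\d+\.\d+ \([^)]+\) .+"),
    ("OS", r"Apache/\d+\.\d+\.\d+ \([^)]+\)"),
    ("Min", r"Apache/\d+\.\d+\.\d+"),
    ("Minor", r"Apache/\d+\.\d+"),
    ("Major", r"Apache/\d+"),
    ("Prod", r"Apache"),
]
# Footer that ServerSignature On adds to server-generated pages such as a 404.
SIGNATURE = re.compile(r"<address>\s*Apache[^<]*</address>", re.I)

def classify(server):
    """Return the ServerTokens level a Server header value matches, or None."""
    return next((n for n, rx in LEVELS if re.fullmatch(rx, server)), None)

def audit(raw):
    """Return findings for one raw HTTP response; empty list = none of the three leaks found."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    level = classify(headers.get("server", ""))
    if level not in (None, "Prod"):
        findings.append(f"Server header looks like ServerTokens {level}: set ServerTokens Prod")
    if "x-powered-by" in headers:
        findings.append(f"X-Powered-By: {headers['x-powered-by']}: set expose_php = Off")
    if SIGNATURE.search(body):
        findings.append("signature footer in body: set ServerSignature Off")
    return findings

# Constructed sample responses (not captured from a real server).
LEAKY = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4\r\n"
    "X-Powered-By: PHP/5.2.3-1ubuntu6.4\r\n\r\n"
    "<html><body><h1>Not Found</h1><hr>\n"
    "<address>Apache/2.2.4 (Ubuntu) Server at example.test Port 80</address></body></html>"
)
HARDENED = "HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\n<html><body><h1>Not Found</h1></body></html>"

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(name, audit(raw) or "nothing disclosed beyond 'Apache'")
```

To check a live server of your own, save a response including headers to a file (for example with curl -i against a non-existent path) and pass its contents to audit().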





