nginx and apache and php how to hide http header version information
- 2020-05-10 23:11:01
- OfStack
1. nginx hidden header version information method
edits the nginx.conf configuration file, adding the following line within http{}
http {
...
server_tokens off;
...
}
edits the php-fpm configuration file, fastcgi.conf or fcgi.conf
Find:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
To:
fastcgi_param SERVER_SOFTWARE nginx;
Restart the nginx service to take effect
[root@xmydlinux conf]# curl --head 127.0.0.1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Connection: keep-alive
.....................
2. apache hides header version information
edit httpd.conf file
Find:
ServerTokens OS
ServerSignature On
Is amended as:
ServerTokens ProductOnly
ServerSignature Off
Restart the httpd service to take effect
[root@xmydlinux ~]# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Length: 97
Connection: close
Content-Type: text/html
Also: changeable source include directory ap_release.h this file
#define AP_SERVER_BASEVENDOR " Apache Software Foundation " #apache Relevant wording can be changed
#define AP_SERVER_BASEPROJECT " Apache HTTP Server "
#define AP_SERVER_BASEPRODUCT " Apache "
#define AP_SERVER_MAJORVERSION_NUMBER 2 # The version field can be changed at will
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 17
#define AP_SERVER_DEVBUILD_BOOLEAN 0
3. The head file of PHP version is hidden and returned
Modify the php.ini file
Find:
expose_php = On
Is amended as:
expose_php = Off
The e words "X-Powered-By: PHP/5.2.17" can be avoided in the head message of http.