Home > Apache > Hide Apache and PHP Information in HTTP Headers

Hide Apache and PHP Information in HTTP Headers

July 24, 2005 Posted by KP

By default, Apache will send version and modules information (e.g., mod_php, mod_perl, mod_ssl) in every HTTP header. You can check it with a HTTP header tool. For example, the header of this blog:
Server: Apache/1.3.33 (Unix) PHP/4.3.11

To hide the information, config Apache:
ServerTokens ProductOnly
ServerSignature Off

The header changed to:
Server: Apache

But for a PHP powered website, PHP engine will add its information to the headers regardless of Apache configuration:
Server: Apache
X-Powered-By: PHP/4.3.11

To avoid this, turn off expose_php in php_ini:
expose_php = Off

Bookmark and Share


Related Posts:

Filed Under: Apache

Leave a Comment









*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word


Subscribe via RSS/EMail


Categories

Archives

Links

  • Dedicated Servers

    • Meta