FreeBSD Server Administration


July 24, 2005

Hide Apache and PHP Information in HTTP Headers

By default, Apache sends its version and module information (e.g., mod_php, mod_perl, mod_ssl) in the headers of every HTTP response. You can check this with an HTTP header tool. For example, the header of this blog:
Server: Apache/1.3.33 (Unix) PHP/4.3.11

To hide the information, configure Apache:
ServerTokens ProductOnly
ServerSignature Off

The header changes to:
Server: Apache

But for a PHP-powered website, the PHP engine adds its own information to the headers regardless of the Apache configuration:
Server: Apache
X-Powered-By: PHP/4.3.11

To avoid this, turn off expose_php in php.ini:
expose_php = Off
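
To confirm that both settings took effect, the response headers can be checked with a short script. This is an added example, not part of the original post; the function names and the constructed sample header block are assumptions for illustration.

```python
import http.client
import re
import sys

# Product token with a version, e.g. "Apache/1.3.33" or "PHP/4.3.11".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.-]*")
# Parenthesised comment such as "(Unix)" that names the platform.
COMMENT = re.compile(r"\(([^)]*)\)")

def parse_raw(raw):
    """Split a raw header block into (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit_headers(pairs):
    """Return (header, detail) findings for Server and X-Powered-By disclosure."""
    findings = []
    for name, value in pairs:
        lname = name.lower()
        if lname == "x-powered-by":
            # With expose_php = Off the header is absent, so any value is a finding.
            findings.append((name, "present: " + value))
        elif lname == "server":
            leaked = VERSION_TOKEN.findall(value) + COMMENT.findall(value)
            if leaked:
                findings.append((name, "discloses: " + ", ".join(leaked)))
    return findings

def fetch_headers(host, port=80, path="/"):
    """HEAD request against a server you administer; returns (name, value) pairs."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed sample: the default Server header quoted in the post.
SAMPLE = "HTTP/1.1 200 OK\r\nServer: Apache/1.3.33 (Unix) PHP/4.3.11\r\n"

if __name__ == "__main__":
    pairs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else parse_raw(SAMPLE)
    for header, detail in audit_headers(pairs):
        print(f"{header}: {detail}")
```

Run it with a hostname argument to check a live server; with no argument it audits the embedded sample. No output means neither header discloses anything.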


Category : Apache

Posted by FreeBSD Newbie at July 24, 2005 04:51 PM
