http://nixcraft.com/server-configuration-tutorials/746-apache-php-web-server-security-hiding-version-information.html
How do I Hide Apache Version info?
Open httpd.conf file (located in /etc/httpd/ directory /etc/apache2/ )
Code:
vi httpd.conf
Set Apache ServerTokens to product only but don’t show version and other info:
Code:
ServerTokens Prod
This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.
Setting this to Prod only displays Apache and nothing else.
Set Apache ServerSignature off
Code:
ServerSignature Off
The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents.
How do I hide php info?
Open php.ini (located in /etc/php.ini or /etc/php5 or /etc/php4 directory)
Code:
vi php.ini
Make sure php does not display errors and other php information. Modify add setting as follows:
Code:
expose_php = Off display_errors=Off register_globals = Off
Also send all errors to /var/log/php-scripts-error.log and not on screen to end user. It can provide serious information to user.
error_log = /var/log/httpd/php-scripts-error.log
Restart Apache.
Code:
/etc/init.d/httpd restart
Now all php script errors are written to /var/log/httpd/php-scripts-error.log. Ask your website developers to use following commands to view log files
Code:
tail -f /var/log/httpd/php-scripts-error.log vi /var/log/httpd/php-scripts-error.log.
For more info please read Apache 2 docs http://httpd.apache.org/docs/2.2/mod/core.html