Hide Apache and PHP version

By | March 9, 2008


How do I hide Apache version info?
Open the httpd.conf file (located in the /etc/httpd/ or /etc/apache2/ directory):



vi httpd.conf

Set ServerTokens to Prod so that Apache reports only the product name, without the version or other info:



ServerTokens Prod

This directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.

Setting it to Prod displays only "Apache" and nothing else.

Set ServerSignature to Off:



ServerSignature Off

The ServerSignature directive configures a trailing footer line under server-generated documents such as error pages. Setting it to Off removes that footer.

How do I hide PHP info?
Open php.ini (located at /etc/php.ini or in the /etc/php5 or /etc/php4 directory):



vi php.ini

Make sure PHP does not display errors and other PHP information. Modify or add the settings as follows:



expose_php = Off


register_globals = Off

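Also send all errors to /var/log/httpd/php-scripts-error.log rather than to the end user's screen, where they can reveal sensitive information. Logging to this file requires log_errors = On, and display_errors = Off is what keeps errors off the screen.

error_log = /var/log/httpd/php-scripts-error.log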

Restart Apache.



/etc/init.d/httpd restart

Now all PHP script errors are written to /var/log/httpd/php-scripts-error.log. Ask your website developers to use the following commands to view the log file:



tail -f /var/log/httpd/php-scripts-error.log

vi /var/log/httpd/php-scripts-error.log
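
To confirm the settings took effect after the restart, the script below (an added example, not part of the original post) checks response headers for what ServerTokens Prod and expose_php = Off should have removed. The function name check_headers and the sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag version disclosure in HTTP response headers.
# Reads raw response headers on stdin, prints one finding per line and
# returns 0 when nothing leaks, 1 otherwise.
check_headers() {
    tr -d '\r' | awk '
        BEGIN { bad = 0 }
        {
            # Split "Name: value"; header names are case-insensitive.
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        name == "server" {
            # With ServerTokens Prod the value is just "Apache". A slash,
            # digit or "(" means version, OS or module details are sent.
            if (value ~ "[/0-9(]") { print "LEAK Server: " value; bad = 1 }
            else                   { print "OK   Server: " value }
        }
        name == "x-powered-by" {
            # Sent by PHP while expose_php is On.
            print "LEAK X-Powered-By: " value; bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample responses (not captured from a real server).
before='HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html'

after='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

echo "Before hardening:"
printf '%s\n' "$before" | check_headers || echo "-> version details still exposed"
echo "After hardening:"
printf '%s\n' "$after" | check_headers && echo "-> no version details in headers"
```

Against your own server, pipe the output of curl -sI http://localhost/ into check_headers instead of the sample text.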

For more info, please read the Apache 2 docs: http://httpd.apache.org/docs/2.2/mod/core.html