Table of Contents
How to hide the Apache and PHP Versions
from response headers
For Apache, you'll need to create a ServerTokens Directive, either in the http.conf file or any of the various includes (/etc/httpd/conf.d). The correct directive should be
ServerTokens Prod
Server Footer
For apache generated documents (error etc) you will want to hide version information, this is done with the ServerSignature directive, which again can be placed in any apache configuration file.
ServerSignature off
PHP Version
Php will provide its version in response headers for .php pages, and we really should hide this. We will need to locate the php.ini file (normally /etc/php.ini) and add/change the expose_php directive.
expose_php = off
Restart and Apply
Once all this is changed we need to restart the various services, for apache we can use
systemctl restart httpd
which will restart apache, and PHP if you're using fcgi. If you are instead using php-fpm then you'll need to restart that service too
systemctl restart php-fpm
NOTE: In some environments these services are named differently (virtualmin for example) so you might need to locate the correct service name if you get an error.