Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


How to hide the Apache and PHP Versions

from response headers

For Apache, you'll need to create a ServerTokens Directive, either in the http.conf file or any of the various includes (/etc/httpd/conf.d). The correct directive should be

ServerTokens Prod

For apache generated documents (error etc) you will want to hide version information, this is done with the ServerSignature directive, which again can be placed in any apache configuration file.

ServerSignature off

PHP Version

Php will provide its version in response headers for .php pages, and we really should hide this. We will need to locate the php.ini file (normally /etc/php.ini) and add/change the expose_php directive.

expose_php = off
Restart and Apply

Once all this is changed we need to restart the various services, for apache we can use

systemctl restart httpd

which will restart apache, and PHP if you're using fcgi. If you are instead using php-fpm then you'll need to restart that service too

systemctl restart php-fpm

NOTE: In some environments these services are named differently (virtualmin for example) so you might need to locate the correct service name if you get an error.

/data/webs/external/dokuwiki/data/pages/computerfaq/hide_apache_php_versions.txt · Last modified: 2022/03/16 18:22 by genadmin

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki