This is an old revision of the document!

Warning: Undefined variable $state in /usr/share/nginx/html/lib/plugins/tabinclude/helper.php on line 130

Warning: Undefined variable $html in /usr/share/nginx/html/lib/plugins/tabinclude/helper.php on line 240

Apache Security

It is very important to keep your server secure. Hiding versions of php and apache are part of the security measures.

Hiding PHP version
Hiding Apache version

>> Go to this page.

Hiding php version

If you run a curl on your website similar to the curl below, does it return php versions?
This is NOT secure. We will now make a simple change to the /etc/php.ini file to hide this

Example curl:

curl -LIsX GET lukeslinux.co.uk | grep php

To hide the php value, turn the following value Off

expose_php = On;

Restart apache and you are done. Test again by rerunning the curl command.

>> Go to this page.

Hiding apache version

If you run a curl on your website similar to the curl below, does it return apache versions?
This is NOT secure. We will now make a simple change to the httpd.conf or apache2.conf file to hide this

Example curl:

curl -LIsX GET lukeslinux.co.uk | grep -i apache

Value	Description
ServerTokens Prod	This will configure apache not to send any version numbers in the HTTP header
Server Signature Off	This will make sure apache does not display version number in footer of server generated pages

To hide the php value, turn the following value Off

ServerSignature On;

You will also need to change the following value:

ServerTokens Prod

Restart apache and you are done. Test again by rerunning the curl command.