How to Hide PHP Version in Linux

Most web server software is installed with default settings that leak information about the system. PHP is one example. PHP (Hypertext Preprocessor) is one of the most popular server-side, HTML-embedded scripting languages for websites today. Many attackers will try to discover weaknesses in your server system, so I will describe a simple way to hide the PHP version information on a Linux server.

By default, expose_php is set to On. Turning the “expose_php” parameter off makes PHP hide its version details.

[root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line that sets expose_php to On and set it to Off:

expose_php = Off

Before the change, the web server response headers look like this:

[root@centos66 ~]# curl -I https://hostingcult.com/howto/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: https://hostingcult.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

After the change, PHP no longer shows its version in the web server response headers:

[root@centos66 ~]# curl -I https://hostingcult.com/howto/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Feb 2015 15:38:14 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: https://hostingcult.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
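
A small check for the change described above, added here as an example and not part of the original article: one function reads the value a php.ini file assigns to expose_php, the other scans response headers for an X-Powered-By line that still names PHP. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit expose_php in a php.ini file and in response headers.

# Print the value php.ini assigns to expose_php: "on", "off" or "unset".
# ';' starts a comment and the last assignment in the file wins.
# "unset" means PHP falls back to its default, which is On.
# Only the one file given is read; additional ini files are not followed.
effective_expose_php() {
    awk '
        /^[ \t]*;/ { next }                       # skip comment lines
        /^[ \t]*expose_php[ \t]*=/ {
            v = tolower($0)
            gsub(/\r|"/, "", v)                   # CRLF endings, quoted values
            sub(/^[^=]*=[ \t]*/, "", v)           # drop the key and "="
            sub(/[ \t]*(;.*)?$/, "", v)           # drop trailing comment
            val = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Read HTTP response headers (for example saved `curl -I` output) on stdin and
# print any X-Powered-By header that names PHP. Exit 0 = leak found, 1 = clean.
leaked_php_headers() {
    tr -d '\r' | grep -i '^x-powered-by:.*php'
}

# Constructed sample input (not taken from a real host) so this runs offline.
SAMPLE_INI=$(mktemp)
trap 'rm -f "$SAMPLE_INI"' EXIT
cat > "$SAMPLE_INI" <<'EOF'
; expose_php = Off   (commented out, ignored)
expose_php = On
expose_php = Off     ; later assignment wins
EOF
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: nginx
X-Powered-By: PHP/5.3.3'

echo "php.ini sets expose_php to: $(effective_expose_php "$SAMPLE_INI")"
if printf '%s\n' "$SAMPLE_HEADERS" | leaked_php_headers; then
    echo "PHP version is still exposed in the response headers"
fi
```

On a real server, pass /etc/php.ini to effective_expose_php and pipe the output of curl -I into leaked_php_headers. If the file says off but the header is still present, the running PHP process has not re-read php.ini yet.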