Monday, March 5, 2007

Hide PHP and Apache versions

If you would like to prevent Apache from exposing the version information in every request to the server, all you have to do is to put in the following lines into your apache configuration file:

ServerTokens ProductOnly
ServerSignature Off


Now that we’re not exposing the Apache version, let’s hide the PHP version also. To do this, head over to your php.ini file and set expose_php to off. This setting is on by default and when ever a php file is accessed, an X-Powered-By header is sent back through Apache.

expose_php = Off

No comments: