Hide Apache ServerSignature / ServerTokens / PHP X-Powered-By

方法

modify httpd.conf file or apache.conf file

ServerSignature

ServerSignature Off
ServerSignature On
ServerSignature Email

ServerTokens

Prod or ProductOnly – Server sends (e.g.): Server: Apache

ServerTokens Prod

Major – Server sends (e.g.): Server: Apache/2

ServerTokens Major

Minor – Server sends (e.g.): Server: Apache/2.2

ServerTokens Minor

Min or Minimal – Server sends (e.g.): Server: Server: Apache/2.2.4

ServerTokens Min

OS – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu)

ServerTokens OS

Full or not specified – Server sends (e.g.): Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4

ServerTokens Full

Hide PHP version (X-Powered-By)

Hiding PHP version (X-Powered-By) is easy. Add or modify following php.ini file row like following:

expose_php = Off

結語

Safest basic setup is following:
httpd.conf or apache.conf rows:

ServerSignature Off
ServerTokens Prod

php.ini row:

expose_php = Off

Before:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 12:20:30 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4
X-Powered-By: PHP/5.2.3-1ubuntu6.4
Connection: close
Content-Type: text/html; charset=UTF-8

After:

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2009 13:06:21 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
© 版權聲明
THE END
喜歡就支持一下吧
點讚0 分享
評論 搶沙發
头像
歡迎您留下寶貴的見解!
提交
头像

暱稱

取消
暱稱表情代碼圖片