Sometimes we don’t want the public to know which versions of Apache and PHP are running on our servers. This article shows how to hide that information. We’re using CentOS 7 for this example, but the only real difference on other systems is the location of the configuration file for the Vhosts.
Hide the Apache version.
Edit the “/etc/httpd/conf.d/example.conf” file and add the following to the very top of the file, before the “VirtualHost” line:
ServerSignature Off
ServerTokens Prod
Hide the PHP version.
Edit the “/etc/php.ini” file. Search for the “expose” line and change it from “On” to “Off”:
expose_php = Off
Restart Apache for the settings to take effect. If you’re using Nginx with php-fpm, make sure to restart “php-fpm” too.
systemctl restart httpd
systemctl restart php-fpm
You can test your changes by using “curl” with the “-v” option:
curl -v www.example.com
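To make that check repeatable, the script below reads response headers and reports any that still disclose a version. It is an added example, not part of the original article; the function names and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# check_headers: read HTTP response headers on stdin and print every header
# that still discloses version details. Exit status 0 = clean, 1 = leak.
check_headers() {
    tr -d '\r' | awk '
        {
            i = index($0, ":")
            if (i == 0) next                  # status line or blank line
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
        }
        # "ServerTokens Prod" still sends "Server: Apache"; only a product
        # token followed by "/<digit>" gives away a version.
        name == "server" && value ~ /\/[0-9]/ {
            print "LEAK Server: " value; bad = 1
        }
        # "expose_php = Off" removes this header completely, so any
        # occurrence means the php.ini change is not active.
        name == "x-powered-by" {
            print "LEAK X-Powered-By: " value; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: headers as they might look before the changes.
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Server: Apache/2.4.6 (CentOS) PHP/5.4.16' \
        'X-Powered-By: PHP/5.4.16' \
        'Content-Type: text/html; charset=UTF-8'
}

# Constructed sample: headers after both settings are applied.
sample_after() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Server: Apache' \
        'Content-Type: text/html; charset=UTF-8'
}

sample_before | check_headers || echo "before: version details exposed"
sample_after  | check_headers && echo "after: nothing exposed"

# Against a live server: curl -sI www.example.com | check_headers
```
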