All HowTo's Cybersecurity Linux Redhat, Fedora and CentOS Linux Web Servers

Hide Apache and PHP Version Details

Sometimes we don’t want the public knowing the versions of Apache and PHP running on our servers. This article shows how to hide that information. We’re using CentOS 7 for this example but the only difference really is the location of the configuration file for the Vhosts.

Hide the Apache version.

Edit the “/etc/httpd/conf.d/example.conf” file and add the following to the very top of the file, before the “VirtualHost” line:

ServerSignature Off
ServerTokens Prod

Hide the PHP version.

Edit the “/etc/php.ini” file. Search for the “expose” line and change it from “On” to “Off”:

expose_php = Off

Restart Apache to have the settings to apply. If you’re using Nginx with php-fpm, make sure to restart “php-fpm” too.

systemctl restart httpd
systemctl restart php-fpm

You can test your changes by using “curl” with the “-v” option:

curl -v

Leave a Reply

Your email address will not be published. Required fields are marked *