Hide Apache, Nginx, or PHP version

When requests are sent to your Apache web server, by default,
some valuable information such as the web server version, server operating system, and PHP version.
are sent back to the client.these are very good information for attackers to discover your possible vulnerabilities.
in this tutorial, we are going to show you how to hide this sensitive information.

We are assuming that you have root permission, otherwise, you may start commands with “sudo”.

Hide PHP version

For that, you have to edit the file named “php.ini”
On Debian and Ubuntu

nano /etc/php5/apache2/php.ini

On CentOS

nano /etc/php.ini

Or you can search for your config file with the command below:

find / -name php.ini

You have to edit the line that refers to “expose_php”

expose_php = Off

Finally, restart your web server and you are good to go.In Debian and Ubuntu:

service apache2 restart

On CentOS 6

service httpd restart

On CentOS 7

systemctl restart httpd.service

Disable Apache web server Signature

Disabling Apache web server signature can be done by editing Apache config file.

On Debian and Ubuntu:

nano /etc/apache2/apache2.conf

On CentOS

nano /etc/httpd/conf/httpd.conf

If you couldn’t find your Apache config file, use the following command to search for it:

find / -name httpd.conf
find / -name apache2.conf

Edit the lines that refer to “ServerSignature” and “ServerTokens” to below:

ServerSignature Off
ServerTokens Prod

Then restart the web serverOn Debian and Ubuntu:

service apache2 restart

On CentOS 6

service httpd restart

On CentOS 7

systemctl restart httpd.service

Disable Nginx web server Signature

It could be done by editing the config file:
the path of the config file is one of the two below:

nano /etc/nginx/nginx.conf
nano /usr/local/nginx/conf/nginx.conf

Or you can search for it:

find / -name nginx.conf

Then you have to find the line that refers to “server_tokens” and change it like below:

server_tokens off;

At the end restart your Nginx and you are good to go:

Debian, Ubuntu and Centos 5 or 6

service nginx restart

CentOS 7

systemctl restart nginx

Hide PHP and Apache version in cPanel

For hiding PHP version on a cPanel Server you have to change the “expose_php” to “off” from the following instructions:

Service Configurations >> PHP Configuration Editor >> Advance mode

For hiding the Apache version in cPanel you should follow the instruction below:

Service Configurations >> Apache Configuration

and change the following values:

** Server Signature >> off

** Server Tokens >> Product Only

After saving the changes you will be asked for a restart, do it and you are good to go.

Be the first to comment

Leave a Reply

Your email address will not be published.


*