发表新帖
发表新帖

Hiding PHP's X-Powered-By header

前端 未结
关注
6 1993
太阳男子
太阳男子 2020-12-13 23:59

I know in PHP, it sends the X-Powered-By header to have the PHP version.

I also know by appending some checksums, you can get access to PHP\'s credits,

6条回答
  • 孤街浪徒
    孤街浪徒 (楼主)
    2020-12-14 00:54

    See Apache Tips & Tricks: Hide PHP version (X-Powered-By)

    Ups… As we can see PHP adds its own banner:

    X-Powered-By: PHP/5.1.2-1+b1…

    Let’s see how we can disable it. In order to prevent PHP from exposing the fact that it is installed on the server, by adding its signature to the web server header we need to locate in php.ini the variable expose_php and turn it off.

    By default expose_php is set to On.

    In your php.ini (based on your Linux distribution this can be found in various places, like /etc/php.ini, /etc/php5/apache2/php.ini, etc.) locate the line containing expose_php On and set it to Off:

    expose_php = Off

    After making this change PHP will no longer add it’s signature to the web server header. Doing this, will not make your server more secure… it will just prevent remote hosts to easily see that you have PHP installed on the system and what version you are running.

    0 讨论(0)
 看不清?
提交回复
热议问题