When requests are sent to your Apache web server, by default some valuable information, such as the web server version, the server operating system, and the PHP version, is sent back to the client. This information helps attackers discover your possible vulnerabilities.
In this tutorial, we are going to show you how to hide this sensitive information.
We are assuming that you have root permission; otherwise, you may start commands with “sudo”.
Hide PHP version
To do that, edit the file named “php.ini”.
On Debian and Ubuntu:
nano /etc/php5/apache2/php.ini
On CentOS:
nano /etc/php.ini
Or you can search for your config file with the command below:
find / -name php.ini
Edit the line that refers to “expose_php” so that it reads:
expose_php = Off
Finally, restart your web server with the command that matches your system, and you are good to go:
service apache2 restart
service httpd restart
systemctl restart httpd.service
Disable Apache web server Signature
Disabling the Apache web server signature can be done by editing the Apache config file.
On Debian and Ubuntu:
nano /etc/apache2/apache2.conf
On CentOS:
nano /etc/httpd/conf/httpd.conf
If you couldn’t find your Apache config file, use the following command to search for it:
find / -name httpd.conf
find / -name apache2.conf
Edit the lines that refer to “ServerSignature” and “ServerTokens” as shown below:
ServerSignature Off
ServerTokens Prod
Then restart Apache with the command that matches your system:
service apache2 restart
service httpd restart
systemctl restart httpd.service
Disable Nginx web server Signature
This can be done by editing the Nginx config file.
The path of the config file is one of the two below:
nano /etc/nginx/nginx.conf
nano /usr/local/nginx/conf/nginx.conf
Or you can search for it:
find / -name nginx.conf
Then find the line that refers to “server_tokens” and change it as shown below:
server_tokens off;
At the end, restart Nginx and you are good to go:
Debian, Ubuntu and CentOS 5 or 6:
service nginx restart
CentOS 7:
systemctl restart nginx
Hide PHP and Apache version in cPanel
To hide the PHP version on a cPanel server, change “expose_php” to “off” at the following location:
Service Configurations >> PHP Configuration Editor >> Advanced mode
To hide the Apache version in cPanel, go to the following location:
Service Configurations >> Apache Configuration
and change the following values:
Server Signature >> off
Server Tokens >> Product Only
After saving the changes, you will be asked for a restart; do it and you are good to go.
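To confirm that the settings above took effect, you can inspect the response headers your server returns. The script below is an added example, not part of the original tutorial: the function name check_headers and the two sample responses (including their version numbers) are constructed for illustration.

```shell
#!/bin/sh
# check_headers: read raw HTTP response headers on stdin, print every
# header that still reveals version details, and return 1 if any were
# found (0 if the response is clean).
# Against a live server: curl -sI http://localhost/ | check_headers
check_headers() {
    # HTTP header lines end in CRLF; drop the CR before matching.
    tr -d '\r' | awk '
        {
            # Header names are case-insensitive, so compare in lowercase.
            name = tolower($0); sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        }
        # "ServerTokens Prod" (Apache) and "server_tokens off" (Nginx)
        # leave only a bare product name: no digits, no "(OS)" part.
        name == "server" && value ~ /[0-9]|\(/ {
            print "LEAK Server: " value; leaks++
        }
        # "expose_php = Off" removes this header entirely.
        name == "x-powered-by" {
            print "LEAK X-Powered-By: " value; leaks++
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample: headers from a server with default settings.
SAMPLE_DEFAULT='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/html'

# Constructed sample: the same server after the changes in this tutorial.
SAMPLE_HARDENED='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

printf '%s\n' "$SAMPLE_DEFAULT" | check_headers || echo "default: still leaking"
printf '%s\n' "$SAMPLE_HARDENED" | check_headers && echo "hardened: clean"
```

“ServerSignature Off” affects the footer on server-generated pages such as error pages rather than the headers, so also load an error page and check that its footer no longer shows the version.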