HugeServer Knowledgebase

HugeServer Knowledgebase > Linux > CentOS > Hide Apache, Nginx, or PHP version

Hide Apache, Nginx, or PHP version

on by Amir Leave a comment

When requests are sent to your Apache web server, by default,
some valuable information such as the web server version, server operating system, and PHP version.
are sent back to the client.these are very good information for attackers to discover your possible vulnerabilities.
in this tutorial, we are going to show you how to hide this sensitive information.

We are assuming that you have root permission, otherwise, you may start commands with “sudo”.

Hide PHP version

php apache version hide security

For that, you have to edit the file named “php.ini”
On Debian and Ubuntu

nano /etc/php5/apache2/php.ini

On CentOS

nano /etc/php.ini

Or you can search for your config file with the command below:

find / -name php.ini

You have to edit the line that refers to “expose_php”

expose_php = Off

Finally, restart your web server and you are good to go.

In Debian and Ubuntu:
service apache2 restart
On CentOS 6
service httpd restart
On CentOS 7
systemctl restart httpd.service

Disable Apache web server Signature

Disabling Apache web server signature can be done by editing Apache config file.

On Debian and Ubuntu:

nano /etc/apache2/apache2.conf

On CentOS

nano /etc/httpd/conf/httpd.conf

If you couldn’t find your Apache config file, use the following command to search for it:

find / -name httpd.conf
find / -name apache2.conf

Edit the lines that refer to “ServerSignature” and “ServerTokens” to below:

ServerSignature Off
ServerTokens Prod
Then restart the web server
On Debian and Ubuntu:
service apache2 restart
On CentOS 6
service httpd restart
On CentOS 7
systemctl restart httpd.service

Disable Nginx web server Signature

It could be done by editing the config file:
the path of the config file is one of the two below:

nano /etc/nginx/nginx.conf
nano /usr/local/nginx/conf/nginx.conf

Or you can search for it:

find / -name nginx.conf

Then you have to find the line that refers to “server_tokens” and change it like below:

server_tokens off;

At the end restart your Nginx and you are good to go:

Debian, Ubuntu and Centos 5 or 6

service nginx restart

CentOS 7

systemctl restart nginx

Hide PHP and Apache version in cPanel

For hiding PHP version on a cPanel Server you have to change the “expose_php” to “off” from the following instructions:

Service Configurations >> PHP Configuration Editor >> Advance mode

expose_php off

For hiding the Apache version in cPanel you should follow the instruction below:

Service Configurations >> Apache Configuration

and change the following values:

** Server Signature >> off

** Server Tokens >> Product Only

prod only server tokens server signature

After saving the changes you will be asked for a restart, do it and you are good to go.

Was this tutorial helpful?

Thank you for your vote.Thank you for your vote.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

*