PHP : Hide PHP version information from curl


5467 views 14th August 2014


By default, PHP will expose its version information when query by curl -I and you may want to hide the version information to prevent a potential attacker from gaining more information.

For example:

localhost:~ admin$ curl -I https://www.socketloop.com

HTTP/1.1 200 OK

Server: nginx/1.4.6

Content-Type: text/html

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.4.25 <------ here

Access-Control-Allow-Credentials: true

Date: Thu, 14 Aug 2014 12:21:40 GMT

Cache-Control: max-age=0, no-cache

To turn off the version information. Do the following on the webserver's PHP configuration :

vi /etc/php.ini

look for expose_php = On line

change it to expose_php = Off

and this will cause PHP not to send over the version information when queried.





By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement

Tutorials

+9k Golang : Executing and evaluating nested loop in html template


+25.3k Golang : Create PDF file from HTML file


+15.7k Golang : rune literal not terminated error


+29.7k Golang : Login(Authenticate) with Facebook example


+20.5k Golang : Reset or rewind io.Reader or io.Writer


+10k Golang : Detect number of active displays and the display's resolution


+28.6k Read a XML file in Go


+14.2k Golang : Rename file


+11.9k How to tell if a binary(executable) file or web application is built with Golang?


+5.1k Python : Convert(cast) bytes to string example


+10.1k Golang : Convert octal value to string to deal with leading zero problem


+14.2k Generate salted password with OpenSSL example