PHP : Hide PHP version information from curl



Tags : php

By default, PHP will expose its version information when query by curl -I and you may want to hide the version information to prevent a potential attacker from gaining more information. For example: localhost:~ admin$ curl -I https://www.socketloop.com HTTP/1.1 200 OK Server: nginx/1.4.6 Content-Type: text/html Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.4.25 <------ here Access-Control-Allow-Credentials: true Date: Thu, 14 Aug 2014 12:21:40 GMT Cache-Control: max-age=0, no-cache To turn off the version information. Do the following on the webserver's PHP configuration : vi /etc/php.ini look for expose_php = On line change it to expose_php = Off and this will cause PHP not to send over the version information when queried.


Tags : php

By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement

Advertisement

Advertisement

Advertisement