protect webserver/PHP software version
just hidden web server software version from Hacker fingerprint technique.
Remove Apache Version ( I have 2 solutions)
1. change Apache source code then re-compile
2. install Mod_Security modules - it better!
quite simple, goto php.ini or php.conf. find "expose_php" - default is On, so change it to Off
but it really protect?
NO! It can't. Have many ways to check it. LoL.
Reference
Remove Apache Version ( I have 2 solutions)
1. change Apache source code then re-compile
- extract apache source code
- modify file name include/ap_release.h find "AP_SERVER_BASEPRODUCT"
2. install Mod_Security modules - it better!
Remove PHP Version
- install mod_security by "yum install mod_security"
- go to mod_security's config (i.e. /etc/httpd/modsecurity.d) then modify SecServerSignature to what you want.
- restart httpd service
quite simple, goto php.ini or php.conf. find "expose_php" - default is On, so change it to Off
but it really protect?
NO! It can't. Have many ways to check it. LoL.
Reference
Comments