How to Hide Apache, Nginx, or PHP version on Ubuntu

curl -IL https://some-server-ip-OR-domain-name/
curl -IL https://vetechno.in/

OR

wget --server-response --spider http://example.com/

When you run the above command you will get the below output. As you can see it clearly visible web server version, php version and other sensitive information.

root@vetechno:~# curl -IL https://vetechno.in

HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Wed, 12 May 2021 07:05:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://www.vetechno.in/

HTTP/2 200
date: Wed, 12 May 2021 07:05:15 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/7.2.17
cache-control: must-revalidate, no-cache, private
link: <https://www.vetechno.in/>; rel="shortlink", <https://www.vetechno.in/>; rel="canonical"
link: <https://www.vetechno.in/home>; rel="revision"
link: <//d3tj4hjkds11o5e.cloudfront.net>; rel=preconnect; crossorigin
link: <//d3tj4hjkds11o5e.cloudfront.net>; rel=dns-prefetch
x-ua-compatible: IE=edge
content-language: en
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Mon, 10 Nov 2010 05:23:00 GMT
x-generator: Drupal 8 (https://www.drupal.org)
x-dns-prefetch-control: on
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Accept
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE

Step2. Disable / hide Apache Web Server Details.

$ sudo vi /etc/apache2/apache2.conf        #Ubuntu/Debian systems
$ sudo vi /etc/httpd/conf/httpd.conf         #CentOS/RHEL systems 

And add the below command. Then save and exit from conf file.

ServerTokens Prod
ServerSignature Off 

Step3. Restart the web server.

$ sudo systemctl restart apache2               #Ubuntu/Debian systems
OR
$ sudo service apache2 restart     
$ service httpd restart                                 #CentOS/RHEL systems 

Step4. Hide PHP Version

By default in the PHP configuration allows the HTTP response header ‘X-Powered-By’ to display/show the PHP version on the Server.

Find below php.ini configuration file

* Ubuntu/Debian/Linuxmint – /etc/php/7.4/cli/php.ini

* CentOS/Fedora/Redhat – /etc/php.ini

Before you making any changes to php.ini configuration file, I suggest you to first make a backup of your php.ini config file

---------------- On Debian/Ubuntu  veTechno---------------- 
$ sudo cp /etc/php/7.4/cli/php.ini  /etc/php/7.4/cli/php.ini.bkp 

---------------- On CentOS/RHEL/Fedora veTechno ---------------- 
$ sudo cp /etc/php.ini /etc/php.ini.bkp

Step5. Now open the file with your favorite text editor with super user privileges.

$ sudo vi /etc/php/7.4/cli/php.ini              #Ubuntu/Debian Systems
$ sudo vi /etc/php.ini                                #CentOS/RHEL Systems

Search the keyword expose_php and set its value to Off:

expose_php = off

Step6. Save the file and exit. Then restart the Apache web server as given below.

$ sudo systemctl restart apache2            #Ubuntu/Debian Systems
$ sudo systemctl restart httpd                 #CentOS/RHEL Systems

Step7. Verify the Settings

Now verify the necessary changes in your server and compare the output with earlier results by following commands. 

curl -IL https://some-server-ip-OR-domain-name/
curl -IL https://vetechno.in/

OR

wget --server-response --spider http://example.com/

 
Find the below final results.

root@vetechno:~# curl -IL https://vetechno.in

HTTP/1.1 200 OK
Date: Wed, 12 May 2021 11:21:45 GMT
Server: Apache
Last-Modified: Thu, 26 Jan 2019 11:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8

Conclusion

Congratulation you have successfully  Hide Apache, Nginx, or PHP version on Ubuntu/CentOS.

it is recommended that you disable or hide this information from attackers who might be targeting your server by requiring you to know whether you are running PHP or not, Apache or Nginx.

Please let me know in the comment box you are facing any issue while configuring the settings.