Last Updated on January 17, 2023 by Vikash Ekka
How to Hide Apache, Nginx, or PHP version on Ubuntu |
Step1. Let’s check Header Details of any Website.
curl -IL https://some-server-ip-OR-domain-name/
curl -IL https://vetechno.in/
OR
wget --server-response --spider http://example.com/
When you run the above command you will get the below output. As you can see it clearly visible web server version, php version and other sensitive information.
root@vetechno:~# curl -IL https://vetechno.in HTTP/1.1 301 Moved Permanently Server: nginx/1.16.1 Date: Wed, 12 May 2021 07:05:13 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://www.vetechno.in/ HTTP/2 200 date: Wed, 12 May 2021 07:05:15 GMT content-type: text/html; charset=UTF-8 server: nginx vary: Accept-Encoding x-powered-by: PHP/7.2.17 cache-control: must-revalidate, no-cache, private link: <https://www.vetechno.in/>; rel="shortlink", <https://www.vetechno.in/>; rel="canonical" link: <https://www.vetechno.in/home>; rel="revision" link: <//d3tj4hjkds11o5e.cloudfront.net>; rel=preconnect; crossorigin link: <//d3tj4hjkds11o5e.cloudfront.net>; rel=dns-prefetch x-ua-compatible: IE=edge content-language: en x-content-type-options: nosniff x-frame-options: SAMEORIGIN expires: Mon, 10 Nov 2010 05:23:00 GMT x-generator: Drupal 8 (https://www.drupal.org) x-dns-prefetch-control: on access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Content-Type,Accept access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
Step2. Disable / hide Apache Web Server Details.
$ sudo vi /etc/apache2/apache2.conf #Ubuntu/Debian systems $ sudo vi /etc/httpd/conf/httpd.conf #CentOS/RHEL systems
And add the below command. Then save and exit from conf file.
ServerTokens Prod
ServerSignature Off
Step3. Restart the web server.
$ sudo systemctl restart apache2 #Ubuntu/Debian systems OR $ sudo service apache2 restart $ service httpd restart #CentOS/RHEL systems
Step4. Hide PHP Version
By default in the PHP configuration allows the HTTP response header ‘X-Powered-By’ to display/show the PHP version on the Server.
Find below php.ini configuration file
* Ubuntu/Debian/Linuxmint – /etc/php/7.4/cli/php.ini
* CentOS/Fedora/Redhat – /etc/php.ini
Before you making any changes to php.ini configuration file, I suggest you to first make a backup of your php.ini config file
---------------- On Debian/Ubuntu veTechno----------------
$ sudo cp /etc/php/7.4/cli/php.ini /etc/php/7.4/cli/php.ini.bkp
---------------- On CentOS/RHEL/Fedora veTechno ----------------
$ sudo cp /etc/php.ini /etc/php.ini.bkp
Step5. Now open the file with your favorite text editor with super user privileges.
$ sudo vi /etc/php/7.4/cli/php.ini #Ubuntu/Debian Systems $ sudo vi /etc/php.ini #CentOS/RHEL Systems
Search the keyword expose_php and set its value to Off:
expose_php = off
Step6. Save the file and exit. Then restart the Apache web server as given below.
$ sudo systemctl restart apache2 #Ubuntu/Debian Systems $ sudo systemctl restart httpd #CentOS/RHEL Systems
Step7. Verify the Settings
Now verify the necessary changes in your server and compare the output with earlier results by following commands.
curl -IL https://some-server-ip-OR-domain-name/
curl -IL https://vetechno.in/
OR
wget --server-response --spider http://example.com/
Find the below final results.
root@vetechno:~# curl -IL https://vetechno.in HTTP/1.1 200 OK Date: Wed, 12 May 2021 11:21:45 GMT Server: Apache Last-Modified: Thu, 26 Jan 2019 11:20:58 GMT ETag: "1321-5058a1e728280" Accept-Ranges: bytes Content-Length: 4897 Content-Type: text/html; charset=UTF-8
Conclusion
Congratulation you have successfully Hide Apache, Nginx, or PHP version on Ubuntu/CentOS.
it is recommended that you disable or hide this information from attackers who might be targeting your server by requiring you to know whether you are running PHP or not, Apache or Nginx.
Please let me know in the comment box you are facing any issue while configuring the settings.
[…] How to Hide Apache, Nginx, or PHP version on UbuntuGetting help on Linux commands […]
[…] How to Hide Apache, Nginx, or PHP version on UbuntuGetting help on Linux commands […]
[…] How to Hide Apache, Nginx, or PHP version on Ubuntu […]
[…] How to Hide Apache, Nginx, or PHP version on Ubuntu […]