Secure Apache and PHP

Author Topic: Secure Apache and PHP  (Read 4108 times)


  • Guest
Secure Apache and PHP
« on: August 11, 2012, 05:34:35 PM »
Hide Apache version

To make Apache stop sending its version number to any visitor do as follow:

    Edit the file http.conf or apache2.conf and add the following lines.

ServerSignature Off
ServerTokens Prod

    Restart Apache

Hide PHP version

Now the turn of PHP, we do not want those hackers out there to know which version of PHP we are running rig?

    Edit the file php.ini, usually in /etc/php/ or /etc/php/apache2/` and add or change the following lines:

expose_php = Off
display_errors = Off

    Restart Apache server.

You are done, now, your system is a little bit more secure. Remember that everybody have access to your server.
« Last Edit: August 11, 2012, 06:20:15 PM by mahbub-web »

Offline jabedmorshed

  • Full Member
  • ***
  • Posts: 137
  • Test
    • View Profile
Re: Secure Apache and PHP
« Reply #1 on: August 03, 2013, 02:51:25 PM »
We should also "off" global register in PHP.

mod_negociation is also another module in Apache which should be off.
Jabed Morshed
Department of Computer Science and Engineering