Hide Apache and Php version from http response header

Posted: April 29, 2013 in Linux, PHP, Web Server

Apache will return the server OS and apache version by default, e.g., Server: Apache/2.0.41 (Unix).

To hide it, set ServerTokens to Prod in httpd.conf, the default value is OS. All available values can be found in http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

ServerTokens Prod

To hide the PHP number, set expose_php to off in php.ini

expose_php off

You should also set the ServerSignature to Off to stop apache from display the server information on the default error page, such as 404.

ServerSignature Off


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s