Menu
My question is whether I can omit my server info from being sent in the http header using php? I know by itself it is not dangerous, but humor me. If I wanted to omit that information, how would I do this. How about if I wanted to insert false server information as to lead potential harmful users astray? I have looked at the php doc, but I could not find it. Thanks.
624
I don't know if using PHP to do this is the right approach. Is the server running Apache? If so, you can add the following options to your config file to hide server info:
ServerTokens ProductOnly
ServerSignature Off
To hide PHP info, edit your php.ini and add the line:
expose_php Off
Or, if this option already exists, change from On to Off.
Reference: http://www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
