Turn Off Expose_PHP (Hide X-Powered-By) PHP.ini
We highly recommend to disable (turn off)
expose_php on your web server to enhance the security. By default, PHP shows its version information on the HTTP request headers via X-Powered-By and this is not good, because you are giving out useful information to a possible attacker:
HTTP/1.1 200 OK Date: Thu, 19 May 2016 23:48:39 GMT Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9 X-Powered-By: PHP/5.4.45 Cache-Control: max-age=2592000 Expires: Sat, 18 Jun 2016 23:48:39 GMT Vary: User-Agent,Accept-Encoding Content-Type: text/html
So it is best to turn off
expose_php and hide the X-Powered-By field in the HTTP response headers. That way an attacker can’t identify what version of PHP is installed in your server.
Edit your PHP.ini file:
Turn off the
expose_php = Off
Restart the PHP servie:
More Related Posts
- [2016/05/19] Check if a String Contains Multiple Wo...
- [2016/06/04] Check if a Number is Multiple of Anoth...
- [2016/06/07] How to Get File Extension in PHP
- [2016/05/26] How to Increase PHP Memory Limit
- [2016/05/25] Disable PHP Notice: Undefined variable...
- [2016/05/19] Validate Value as Integer in PHP
- [2016/05/27] PHP Domain Parser: Domain\URL Parser P...
- [2016/05/19] Remove Non-Alphanumeric Characters fro...