Disable Web Server Signatures in Debian-based Linux
Hide server details from potential online threats in a few easy steps.
==========
1. Open the Apache security configuration file.
user@host: $ sudo nano /etc/apache2/conf-enabled/security.conf
2. Find and modify the following Apache directives.
# BEGIN CODE
# ...
ServerTokens Prod
# "Prod" reduces Apache info sent by the server in its HTTP response header.
# ...
ServerSignature Off
# "Off" removes info on server, host, and port from error pages and other auto-generated docs.
# ...
# END CODE
3. List the PHP "x.y" versions available and open the configuration file of the appropriate version.
user@host: $ ls -lha /etc/php
user@host: $ sudo nano /etc/php/x.y/apache2/php.ini
4. Find and modify the following PHP config.
; BEGIN CODE
; ...
expose_php = Off
; "Off" removes the PHP signature sent by the server in its HTTP response header.
; More info at https://php.net/expose-php
; ...
; END CODE
user@host: $ sudo /etc/init.d/apache2 restart
==========
ServerSignature Off
# "Off" removes info on server, host, and port from error pages and other auto-generated docs.
# ...
# END CODE
3. List the PHP "x.y" versions available and open the configuration file of the appropriate version.
user@host: $ ls -lha /etc/php
user@host: $ sudo nano /etc/php/x.y/apache2/php.ini
4. Find and modify the following PHP config.
; BEGIN CODE
; ...
expose_php = Off
; "Off" removes the PHP signature sent by the server in its HTTP response header.
; More info at https://php.net/expose-php
; ...
; END CODE
5. Restart the server.
==========
Comments
Post a Comment