How to Hide Apache2 and PHP version without using mod_security in Ubuntu Linux
|
|
Although security by obscurity is not the best policy to protect your IS assets, but it is still useful to thwarts simple network scanner or newbie crackers.
Note: This tip is written for Ubuntu Linux, the steps is similar to other GNU/Linux distro, albeit with a slight variant.
Hiding Apache2 version
Edit /etc/apache2/apache2.conf
Add these lines at the end of the file:
ServerSignature Off
ServerTokens Prod
Restart Apache2
sudo /etc/init.d/apache2 restart
Hiding PHP version
Edit /etc/php5/apache2/php.ini file
Find these lines, and switch it off:
expose_php = Off
display_errors = Off
Additionally you may disable certain ‘risky’ functions in php by editing the disable_functions line:
disable_functions = phpinfo, system,show_source,
Finally, you may restart Apache2 web server.
sudo /etc/init.d/apache2 restart
Tags: apache, apache webserver, apache2, linux, PHP, security, ubuntu, web server, webserver
Keep updated with the latest posts, be a part of over 1,000 subscribers! : 
Subscribe to your email
You might also want to read...
- Apache mod_rewrite cheat sheet
- Secure your WordPress installation now, avoid from being compromised
- 5 things that I look for when getting PHP / MySQL Web Hosting
- Mount Windows Partition in Ubuntu
- Howto create a simple Debian/Ubuntu Repository
- Unix worm that exploits vulnerable PHP/CGI scripts
- How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu
August 9th, 2011 at 3:19 pm
NICK NICK