Thursday, November 26, 2015

SECURE APACHE AND PHP

Hide Apache version
To make Apache stop sending its version number to any visitor do as follow:
Edit the file http.conf or apache2.conf and add the following lines.
ServerSignature Off
ServerTokens Prod
Restart Apache
Hide PHP version
Now the turn of PHP, we do not want those hackers out there to know which version of PHP we are running rig?
Edit the file php.ini, usually in /etc/php/ or /etc/php/apache2/` and add or change the following lines:
expose_php = Off
display_errors = Off
Restart Apache server.
You are done, now, your system is a little bit more secure. Remember that everybody have access to your server.