
How To Hide PHP Version Information

PHP (Hypertext Preprocessor) is a server-side, HTML-embedded scripting language that is very popular for web development. When PHP is running on a web server, every request to the web server returns the following header line, which carries the PHP version, to the browser. Attackers can use this information to target vulnerabilities specific to that version of PHP.
X-Powered-By - PHP/5.2.6-2ubuntu4.6
It is therefore recommended to turn PHP version information off. Webmasters can disable it in the php.ini file, usually located at /etc/php.ini or in the /etc/php5 or /etc/php4 directory.
Modify setting as follows:
expose_php = Off
display_errors=Off
register_globals = Off
It's also a good idea to send all errors to a log file (example: /var/log/php-error.log) instead of showing them on screen to the end user.
Modify setting as follows:
error_log = /var/log/httpd/php-scripts-error.log
Finally, after making all the above changes, restart Apache:
/etc/init.d/httpd restart
Now all PHP script errors are written to the file configured in error_log (/var/log/httpd/php-scripts-error.log in the setting above).
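
To check that a given php.ini really carries the settings above, this added example (not part of the original post) audits the file for the four directives discussed. The function names and the sample file are made up for illustration, and the script assumes PHP's built-in defaults when a directive is unset (expose_php and display_errors on, register_globals off).

```shell
# Effective value of a php.ini directive: the last uncommented line wins.
ini_get() {  # usage: ini_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            line = $0
            sub(/;.*$/, "", line)                 # trailing comment
            eq = index(line, "=")
            if (eq == 0) next                     # section header or blank line
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

is_off() {  # php.ini spellings of boolean false
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        off|0|false|no|none) return 0 ;;
    esac
    return 1
}

# Prints one line per weak setting; returns 1 if any were found.
audit_php_ini() {  # usage: audit_php_ini FILE
    rc=0
    for key in expose_php display_errors register_globals; do
        val=$(ini_get "$1" "$key")
        # Assumption: register_globals is off when unset; the other two are on.
        if [ "$key" = register_globals ] && [ -z "$val" ]; then continue; fi
        if ! is_off "$val"; then echo "WEAK $key=${val:-<unset>}"; rc=1; fi
    done
    if [ -z "$(ini_get "$1" error_log)" ]; then
        echo "WEAK error_log=<unset>"; rc=1
    fi
    return $rc
}

# Constructed sample php.ini (not taken from a real server).
sample=$(mktemp)
printf '%s\n' 'expose_php = On' 'display_errors = Off' \
    ';register_globals = On' \
    'error_log = /var/log/httpd/php-scripts-error.log' > "$sample"
audit_php_ini "$sample" || true   # prints: WEAK expose_php=On
rm -f "$sample"
```

Run it against the php.ini the web server actually loads; the CLI and the Apache module often read different files.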

