protect webserver/PHP software version

just hidden web server software version from Hacker fingerprint technique.

Remove Apache Version
( I have 2 solutions)

1. change Apache source code then re-compile
  • extract apache source code
  • modify file name include/ap_release.h find "AP_SERVER_BASEPRODUCT"

2. install Mod_Security modules - it better!
  • install mod_security by "yum install mod_security"
  • go to mod_security's config (i.e. /etc/httpd/modsecurity.d) then modify SecServerSignature to what you want.
  • restart httpd service
Remove PHP Version

quite simple, goto php.ini or php.conf. find "expose_php" - default is On, so change it to Off


but it really protect?

NO! It can't. Have many ways to check it. LoL.


Reference

Comments

Popular posts from this blog

Wowza 4.0.1 (Wowza Streaming Engine) Released!

Charles, Java Web Debugging Proxy