protect webserver/PHP software version

just hidden web server software version from Hacker fingerprint technique.

Remove Apache Version
( I have 2 solutions)

1. change Apache source code then re-compile
  • extract apache source code
  • modify file name include/ap_release.h find "AP_SERVER_BASEPRODUCT"

2. install Mod_Security modules - it better!
  • install mod_security by "yum install mod_security"
  • go to mod_security's config (i.e. /etc/httpd/modsecurity.d) then modify SecServerSignature to what you want.
  • restart httpd service
Remove PHP Version

quite simple, goto php.ini or php.conf. find "expose_php" - default is On, so change it to Off

but it really protect?

NO! It can't. Have many ways to check it. LoL.



Popular posts from this blog

3G Bandwidth bonding solutions

docker - could not read CA certificate