Tuesday, 21 June 2016

How to hide web server information from the headers?

How to hide web server information from the headers?

Question: What do you mean by server technology in header?
When an request is sent from client to server.
When an request is sent from one server to another server.
There are lot of information also sent back to client(receiver information).
For Example:
HTTP/1.1 200 OK
Date: Tue, 21 Jun 2016 05:24:34 GMT
Server: Apache/2.2.22 (Win32) PHP/5.4.3
X-Powered-By: PHP/5.4.3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Question: What are benefits of hiding server info from header?
An attacker will not get to know which technology you are using in your application.

Question: How to hide the Server technology information from header?
Step 1:
Open php.ini file
expose_php = on

expose_php = Off

Step 2:
Add Following in your .htacess (root folder)
ServerSignature Off

Step 3 Setup the mod_security with Apache

No comments:

Post a Comment