Tuesday 21 June 2016

How to hide web server information from the headers?

How to hide web server information from the headers?

Question: What do you mean by server technology in header?
When an request is sent from client to server.
OR
When an request is sent from one server to another server.
There are lot of information also sent back to client(receiver information).
For Example:
HTTP/1.1 200 OK
Date: Tue, 21 Jun 2016 05:24:34 GMT
Server: Apache/2.2.22 (Win32) PHP/5.4.3
X-Powered-By: PHP/5.4.3
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html



Question: What are benefits of hiding server info from header?
An attacker will not get to know which technology you are using in your application.


Question: How to hide the Server technology information from header?
Step 1:
Open php.ini file
change
expose_php = on

to 
expose_php = Off

Step 2:
Add Following in your .htacess (root folder) 
ServerSignature Off

Step 3 Setup the mod_security with Apache
https://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server


Best Related Posts are Following:

  1. How to enable the XSS Protection header?.
  2. AES Encryption and Decryption in PHP See example.
  3. XMLRPC Wordpress Attack.
  4. How can I read request-headers in PHP.
  5. How can I prevent SQL-injection in PHP?.
  6. Shared Server Security Risk open_basedir disable_functions disable_classes.
  7. What is Best method for sanitizing user input with PHP?.
  8. Difference between Notice and warning and fatal error.
  9. How can I prevent SQL-injection in PHP [SOLVED].
  10. PHP Register Globals.
  11. PHP Sessions and Cookie and Security.
  12. PHP Check Mime Type of File - Return Information About A File.
  13. Improve Ajax Performance.
  14. PHP Captcha Code Example Code Snippets.
  15. PHP - Secure Ajax Call from Hackers - Example.
  16. htaccess code snippets example.
  17. Manage Cron Job with PHP - SSH2 Connection.
  18. Spoofed Forms - Stop Spoofed Form Submissions.
  19. Session Fixation.
  20. Session Hijacking.
  21. openssl private encrypt.
  22. Cross Site Request Forgery.
  23. SQL Injection Attack - PHP & MySQL.
  24. Cross-Site Scripting - cross site scripting examples.
  25. PHP INI settings.

Labels: