Hiding Apache and PHP Server Signature Rumi, March 20, 2017March 26, 2017 Revealing web server signature with server/PHP version info can be a security risk as you are essentially telling attackers known vulnerabilities of your system. Thus it is recommended you disable all web server signatures as part of server hardening process. Disable Apache Web Server Signature Disabling Apache web server signature can be achieved by editing Apache config file. On Debian, Ubuntu or Linux Mint: $ sudo vi /etc/apache2/apache2.conf On CentOS, Fedora, RHEL or Arch Linux: $ sudo vi /etc/httpd/conf/httpd.conf Add the following two lines at the end of Apache config file. ServerSignature Off ServerTokens Prod Then restart web server to activate the change: $ sudo service apache2 restart (Debian, Ubuntu or Linux Mint) $ sudo service httpd restart (CentOS/RHEL 6) $ sudo systemctl restart httpd.service (Fedora, CentOS/RHEL 7, Arch Linux) The first line ‘ServerSignature Off’ makes Apache2 web server hide Apache version info on any error pages. However, without the second line ‘ServerTokens Prod’, Apache server will still include a detailed server token in HTTP response headers, which reveals Apache version number. What the second line ‘ServerTokens Prod’ does is to suppress a server token in HTTP response headers to a bare minimal. So with both lines in place, Apache will not reveal Apache version info in either web pages or HTTP response headers. Hide PHP Version Another potential security threat is PHP version info leak in HTTP response headers. By default, Apache web server includes PHP version info via “X-Powered-By” field in HTTP response headers. If you want to hide PHP version in HTTP headers, open php.ini file with a text editor, look for “expose_php = On”, and change it to "expose_php = Off" On Debian, Ubuntu, or Linux Mint: $ sudo vi /etc/php5/apache2/php.ini On CentOS, Fedora, RHEL or Arch Linux: $ sudo vi /etc/php.ini expose_php = Off Finally, restart Apache2 web server to reload updated PHP config file. Now you will no longer see “X-Powered-By” field in HTTP response headers. Src: http://ask.xmodulo.com/turn-off-server-signature-apache-web-server.html Related Administrations Apachephp
Install webmin in Centos 7 March 9, 2018 Step 1 — Installing Webmin First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding a new file called /etc/yum.repos.d/webmin.repo that contains information about the new repository. Create and open this new file using… Read More
Add PHP 7.4 support on Virtualmin GPL on CentOS 7 Distribution April 14, 2022 Install Remi Release repo and clear cache yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm && yum clean all Install PHP packages version 7.4 and/or 8.0 yum -y install php74-php-{cli,pdo,fpm,zip,gd,xml,mysqlnd,opcache,bcmath,imagick,mbstring} yum -y install php80-php-{cli,pdo,fpm,zip,gd,xml,mysqlnd,opcache,bcmath,imagick,mbstring} Configuring Individual Virtual Servers You can configure the PHP version being used for a specific Virtual Server by selecting Server Configuration… Read More
Install Apache2, PHP 7.2 and MariaDB 10.5 on Debian 11 February 18, 2023 First, update all the packages of the system by below-mentioned command: sudo apt update After updating packages, now install the dependencies required by the below-mentioned command: sudo apt install software-properties-common ca-certificates lsb-release apt-transport-https Enable SURY Repository The following step is to integrate the SURY repository into our system. SURY is… Read More