Hide NginX and PHP headers to harden your server
Hiding server's information may help protecting your server from malicious server scanning from hackers. Here are some way to hide nginx and php information:
1. NginX
Install nginx-extras to have more options:
$ sudo apt-get install nginx-extras
Open the /etc/nginx/nginx.conf and add those following lines (blue ones) inside the http block:
http {
...
server_tokens off; # hide the nginx version
more_set_headers 'Server: My MotherFucking Server'; # Change the Server header
...
}
Then start (or restart) the nginx server:
$ sudo service start nginx
2. PHP
You can hide the php version by modify the file /etc/php5/fpm/php.ini
...
expose_php = Off
...
Restart the php5-fpm process:
$ sudo service php5-fpm restart
Cool!
1. NginX
Install nginx-extras to have more options:
$ sudo apt-get install nginx-extras
Open the /etc/nginx/nginx.conf and add those following lines (blue ones) inside the http block:
http {
...
server_tokens off; # hide the nginx version
more_set_headers 'Server: My MotherFucking Server'; # Change the Server header
...
}
Then start (or restart) the nginx server:
$ sudo service start nginx
2. PHP
You can hide the php version by modify the file /etc/php5/fpm/php.ini
...
expose_php = Off
...
Restart the php5-fpm process:
$ sudo service php5-fpm restart
Cool!
Comments
Post a Comment