一,Nginx隐藏版本信息
在nginx.conf文件找到http配置,关闭server_tokens,比如
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
........
........
#关闭版本显示
server_tokens off;
........
........
}
重启Nginx即可生效
二,Apache隐藏版本信息
在httpd.conf文件找到ServerTokens,设置为Prod,比如
.............. # # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote sites # finding out what major optional modules you are running # 关闭版本显示 ServerTokens Prod ............
Apache版本2.0.44之前的,需要修改多加一行
ServerSignature Off
官网有说明:
https://httpd.apache.org/docs/2.4/mod/core.html#serversignature
重启Apache即可生效
三,PHP隐藏版本信息
找到php.ini文件,设置expose_php = Off,比如
........... ; Decides whether PHP may expose the fact that it is installed on the server ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. ; http://php.net/expose-php # 关闭版本信息 expose_php = Off ........
重启php-fpm即可生效
Leave a Reply