
Hiding the PHP version in the response headers: Hide PHP version (X-Powered-By)

Posted by freetor 222 days, 2 hours, 17 minutes ago
Source: www.freetor.com Tags: phpheader

 

Searching in Chinese turned up nothing relevant at all. Searching in English found it (the original text is below).


If you have read my previous tip, “Hide apache software version”, you have seen how you can configure Apache to provide only a minimal amount of information about the installed software versions in its banner. But if you are using the PHP module in your web server (as most of us are), then there is one additional step that needs to be completed, and this is what I will show you in this tip.


After implementing the Apache directives ServerTokens and ServerSignature as shown in “Hide apache software version”, we test its functionality against a regular HTML file and we get the following response:


HEAD http://remote_server.com/index.html
200 OK
Connection: close
Date: Fri, 16 Jun 2006 01:13:23 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Client-Date: Fri, 16 Jun 2006 21:42:53 GMT
Client-Peer: 192.168.0.102:80
Client-Response-Num: 1

This looks good. But if we do the same thing against a URL that is a PHP file:


HEAD http://remote_server.com/index.php
200 OK
Connection: close
Date: Fri, 16 Jun 2006 01:16:30 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Client-Date: Fri, 16 Jun 2006 21:48:13 GMT
Client-Peer: 192.168.0.102:80
Client-Response-Num: 1
X-Powered-By: PHP/5.1.2-1+b1

Oops… As we can see, PHP adds its own banner:

X-Powered-By: PHP/5.1.2-1+b1


Let’s see how we can disable it. To stop PHP from revealing that it is installed on the server by adding its signature to the web server header, we need to locate the expose_php variable in php.ini and turn it off.

By default expose_php is set to On.

In your php.ini (based on your Linux distribution this can be found in various places, like /etc/php.ini, /etc/php5/apache2/php.ini, etc.) locate the line containing “expose_php On” and set it to Off:


expose_php = Off

After making this change PHP will no longer add its signature to the web server header. Doing this will not make your server more secure… it will just prevent remote hosts from easily seeing that you have PHP installed on the system and what version you are running.
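One way to confirm both the setting and the resulting headers, as an added example that is not part of the original article: effective_expose_php and php_banner are hypothetical helper names, the php.ini content is constructed, and the check assumes a single php.ini with no override files.

```shell
#!/bin/sh
# Added example, not from the original article.

# effective_expose_php FILE
# Prints On or Off: the expose_php value this one php.ini yields.
# Lines commented out with ';' are ignored, the last assignment wins,
# and a file with no assignment falls back to PHP's default, On.
effective_expose_php() {
    line=$(grep -E '^[[:space:]]*expose_php[[:space:]]*=' "$1" | tail -n 1 || true)
    if [ -z "$line" ]; then
        echo On
        return 0
    fi
    val=$(printf '%s\n' "$line" |
        sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//; s/[[:space:]]*$//' |
        tr -d '"' | tr '[:upper:]' '[:lower:]')
    case "$val" in
        on|yes|true|[1-9]*) echo On ;;   # values PHP reads as enabled
        *) echo Off ;;
    esac
}

# php_banner
# Reads HTTP response headers on stdin. Prints the X-Powered-By value and
# returns 0 when the banner is present; returns 1 when it is absent.
php_banner() {
    banner=$(tr -d '\r' | grep -i '^x-powered-by:' || true)
    [ -n "$banner" ] || return 1
    printf '%s\n' "$banner" | sed 's/^[^:]*:[[:space:]]*//'
}

# Demo: a constructed php.ini, and the header values shown in the article.
ini=$(mktemp)
printf '%s\n' '[PHP]' ';expose_php = Off' 'expose_php = On' > "$ini"
echo "constructed php.ini: expose_php is $(effective_expose_php "$ini")"
printf 'Server: Apache\r\nX-Powered-By: PHP/5.1.2-1+b1\r\n' | php_banner
rm -f "$ini"
```

To check a live server, pipe the output of `curl -sI http://remote_server.com/index.php` into php_banner after restarting Apache so the edited php.ini is reloaded.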


The result is surprisingly simple: you only need to edit expose_php in php.ini and change the default On to Off.


The article above also mentions hiding Apache's version information; just follow the link to read it.


Original article: http://www.ducea.com/2006/06/16/apache-tips-tricks-hide-php-version-x-powered-by/
