Hiding the apache, nginx, and php version

This topic contains 0 replies, has 1 voice, and was last updated by do son 2 weeks, 4 days ago.

    do son

    Removing the displayed version of Apache is desirable so as not to fall to a 0-day vulnerability, and also if you do not follow the daily updates and vulnerabilities. Hiding the version certainly does not help to get rid of vulnerabilities (there are other tools), but it will complicate the work of the attacker.

    To hide the version of Apache you can install the module libapache-mod-security, which will hide everything unnecessary. Install it by running:

    apt-get install libapache2-mod-security2

    Then run the command:

    a2enmod security2

    Then edit the configuration: change or add these lines in the file /etc/apache2/conf-available/security.conf:

    ServerTokens Prod
    ServerSignature Off
    TraceEnable Off

    Restart Apache:

    service apache2 restart

    The next step is to conceal the version of Nginx. To hide the version of Nginx, edit the file /etc/nginx/nginx.conf. In the http section, add a ban on the transfer of information about the server:

    server_tokens off;

    Save the configuration and restart Nginx.

    service nginx restart

    It only remains to hide the version of PHP. To do this, open the configuration file /etc/php5/apache2/php.ini and add to the configuration a ban on the transfer of information about PHP.

    expose_php = Off

    Now all the extra information is hidden.

    No system is truly secure!
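
A way to confirm that the three settings in the post took effect, as an added example that is not part of the original post: the function reads raw HTTP response headers (for instance the output of `curl -sI`) and flags a `Server` header that still carries a version number, or any `X-Powered-By` header. The function name and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report response headers that
# still disclose software versions after the hardening steps.
# Reads raw HTTP response headers on stdin, prints each offending line,
# and returns 1 if any were found, 0 if the header block is clean.
check_banner_headers() {
    awk '
        { sub(/\r$/, "") }                  # strip the CR of CRLF line endings
        $0 == "" { exit }                   # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next                # status line, not a header
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            # "Apache" or "nginx" alone is what ServerTokens Prod and
            # server_tokens off leave behind; a digit means a version leaked.
            if (name == "server" && value ~ /[0-9]/) { print "LEAK: " $0; found = 1 }
            # expose_php = Off removes this header entirely.
            if (name == "x-powered-by")              { print "LEAK: " $0; found = 1 }
        }
        END { exit found + 0 }
    '
}

# Constructed sample responses (not captured from a real server).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.10 (Debian)\r\nX-Powered-By: PHP/5.6.40\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

sample_before | check_banner_headers || echo "before: version information exposed"
sample_after  | check_banner_headers && echo "after: no version information in headers"
```

Against a live host, pipe `curl -sI http://localhost/` into `check_banner_headers`; request a `.php` page as well, since `X-Powered-By` only appears on responses generated by PHP.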
