zeldor.biz

Linux, programming and more

Copyright © 2023
Log in

PHP Security

November 28, 2010 by Igor Drobot Leave a Comment

PHP

PHP reveals its presence on the server in a variety of ways: It may send an HTTP header (X-Powered-By: PHP), or append its name and version to Apache’s signature. In addition, there are easter egg URLs that return the PHP logo or some PHP authors, one of them is:
http://www.host.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Obviously there is no reason to let end users know about the server’s PHP version. Luckily, there is a switch in php.ini that will disable all of the above:

1
expose_php = Off

expose_php = Off

Filed Under: Linux Tagged With: PHP, PHP Security, Webserver Security