Anonymous Apache & PHP
Like to be conspicuous? Like me.
Then use the ServerTokens and expose_php options. On a production web server I generally set these two options; it pretty much stops any zero-day hack attempts and other such nonsense.
ServerTokens in httpd.conf
This directive controls whether the Server response header field, which is sent back to clients, includes a description of the generic OS type of the server as well as information about compiled-in modules.
ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
I set ServerTokens Prod. I give away nothing but the server name.
expose_php in php.ini
Decides whether PHP may expose the fact that it is installed on the server (e.g. by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not.
This option is a boolean. Basically, it is an On or Off option. So I set expose_php = Off
To an onlooker, your server doesn't even have PHP installed. Except maybe for .php page extensions. Time for MultiViews?
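To confirm both settings took effect, check the headers the server actually sends. The Python below is an added example, not code from the original post: it classifies a Server header against the ServerTokens levels listed above and flags PHP disclosure. The two sample responses are constructed, and the X-Powered-By check assumes the header PHP normally sends when expose_php is On.

```python
import re

# One pattern per ServerTokens level, ordered from most to least revealing,
# modelled on the example Server values listed in this post.
LEVELS = [
    ("Full",  re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\) \S")),
    ("OS",    re.compile(r"^Apache/\d+\.\d+\.\d+ \([^)]+\)$")),
    ("Min",   re.compile(r"^Apache/\d+\.\d+\.\d+$")),
    ("Minor", re.compile(r"^Apache/\d+\.\d+$")),
    ("Major", re.compile(r"^Apache/\d+$")),
    ("Prod",  re.compile(r"^Apache$")),
]

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Report the effective ServerTokens level and whether PHP is disclosed."""
    h = parse_headers(raw)
    server = h.get("server", [""])[0]
    level = next((name for name, rx in LEVELS if rx.match(server)), "unknown")
    powered = [v for v in h.get("x-powered-by", []) if v.upper().startswith("PHP")]
    return {"server_tokens": level,
            "php_exposed": "PHP/" in server or bool(powered)}

# Constructed sample responses (not captured from a real server).
LEAKY = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2\r\n"
         "X-Powered-By: PHP/4.2.2\r\n"
         "Content-Type: text/html\r\n\r\n<html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: Apache\r\n"
            "Content-Type: text/html\r\n\r\n<html>")

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit(raw))
```

Feed it the output of a HEAD request against your own server; anything other than Prod with php_exposed False means one of the two settings is not in force.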