PHP
1 前言
一个问题,一篇文章,一出故事。
最近外部的安全扫描发现我们一个站点对外宣告PHP的版本号,于是我们需要修改参数隐藏PHP的版本号。
The X-Powered-By header reveals information about specific technology used on the server. This information can be used to exploit vulnerabilities. The server configuration should be changed to remove this header. Expected: Headers > x-powered-by: [not set] Actual: PHP/8.0.19 First detectedMay: 13, 2024
2 最佳实践
2.1 安装运行环境
vim /etc/php.ini
修改如下参数,
expose_php = Off
2.2 重载服务使配置生效
systemctl reload httpd
没有评论