• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Question ServerSignatur turn off

Hi hume1991,

the "ServerSignature" can be turned off for your apache - webserver at the serverwide webserver - configuration file "apache2.conf" ( Debian/Ubuntu - based systems ) or "httpd.conf" ( CentOS/RHEL - based systems ).

Example to add:
Code: 
...
ServerSignature Off
ServerTokens Prod
...
 
I've changed it under /etc/apache2/apache2.conf. I could not see any changes. I have rebooted Apache.
I have added under /etc/apache2/apache2.conf

ServerSignature Off
ServerTokens Prod

Header:

HTTP/1.1 200 OK Date: Tue, 27 Jun 2017 14:39:42 GMT Server: Apache X-Powered-By: PHP/7.0.20 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: 9979992104c464a6cf7609dd3f830a86=o22c3k59ohhchujkopl1v21gj1; path=/; HttpOnly Last-Modified: Tue, 27 Jun 2017 14:39:42 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 8521 Content-Type: text/html; charset=utf-8

I have Ubuntu 14.04.5 LTS
 
Hi hume1991,

could you pls. tell us, WHAT you would like to change/modify? If you desire to change/modify "X-Powered-By: PHP/7.0.20", pls. be aware, that this is a PHP - depending setting, which can be set in your depending "php.ini" .

Examples to find and replace all serverwide "php.ini" - files, with the desire to set "expose_php = Off" ( => PHP: Description of core php.ini directives - Manual )
Code: 
cd /etc/php
find ./ -type f -exec sed -i -e 's/expose_php = On/expose_php = Off/g' {} \;

cd /etc/php5
find ./ -type f -exec sed -i -e 's/expose_php = On/expose_php = Off/g' {} \;

cd /opt/plesk/php
find ./ -type f -exec sed -i -e 's/expose_php = On/expose_php = Off/g' {} \;
 
Hello,

With me stands with all expose_php = off. I would not show the value value: PHP / 7.0.20. I want to hide the ServerSiganture at Apache. I do not know how far this is interest, but most sites use SSL.
 
You must log in or register to reply here.

Similar threads

andreios
Issue Spam filter is turned off for email address but still mails delivered to spam folder
Replies
6
Views
169
Kaspar@Plesk
Kaspar@Plesk
Jan Bludau
Input For security reasons: Turn off outputting PHP Version and also Webserver Version
Replies
0
Views
487
Jan Bludau
Jan Bludau
M
Question Error SSO Login
Replies
0
Views
85
menkisys
M
tony2452
Checking Automatic Updates
Replies
2
Views
170
Kaspar@Plesk
Kaspar@Plesk
G
Issue Urgent - mail service is turned off for one domain and I cannot switch it back on!
Replies
12
Views
970
Peter Debik
P
Back
Top