For security reasons, it is best to hide the PHP version to avoid some attacks that target vulnerabilities in specific PHP versions.
1. Hiding the PHP version means removing the response header "X-Powered-By: PHP/5.2.13".
The method is simple: edit the php.ini configuration file and modify or add:
expose_php = Off
After saving, restart the corresponding web server, such as Nginx or Apache.
[root@bkjz /]# curl -I www.itsvse.com
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Jul 2010 05:45:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
The response no longer contains the X-Powered-By header: the PHP version has been completely hidden.
2. Other basic PHP security settings:
disable_functions = phpinfo,system,exec,shell_exec,passthru,popen,dl,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
This directive accepts a comma-separated list of function names and disables those functions.
display_errors = Off
Whether to display error messages as part of the output. On the final published website, it is strongly recommended that you turn this feature off and use error logs instead. Leaving it on may reveal sensitive information, such as file paths, the database schema, or other details of your web service.
allow_url_fopen = Off
Whether to allow opening remote files. It is recommended to turn this off, and to turn it on only if the website needs to fetch (collect) remote content.
safe_mode = On
Whether to enable safe mode. When it is on, PHP checks whether the owner of the current script is the same as the owner of the file being manipulated. Safe mode can be enabled if your directory and file permissions are fully assigned.
open_basedir = /var/www/html/php:/var/www/html/168pc
Directory access control: the PHP program in the ha97 directory cannot access the contents of the 168pc directory, and vice versa. On Linux/UNIX systems the directories are separated by colons; on Windows they are separated by semicolons.
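An added example (not part of the original article): a small Python check that reads a php.ini and reports which of the settings above are missing or still at an unsafe value. The function names, the sample file and the choice of which functions must be disabled are assumptions made for illustration; safe_mode is left out because it was removed in PHP 5.4.

```python
import re

# Directives the article sets to Off; PHP's built-in default for each is On.
RECOMMENDED_OFF = ("expose_php", "display_errors", "allow_url_fopen")
# Assumption: the command-execution subset of the article's disable_functions list.
MUST_DISABLE = {"system", "exec", "shell_exec", "passthru", "popen", "proc_open"}
TRUTHY = {"1", "on", "true", "yes"}
# name = "quoted value"   or   name = bare value ; comment
LINE = re.compile(r'\s*([\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))')

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)          # section headers and comment lines do not match
        if m:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1)] = quoted if quoted is not None else bare.strip()
    return settings

def audit(text):
    """List the article's settings that are missing or still unsafe."""
    s = parse_ini(text)
    findings = []
    for name in RECOMMENDED_OFF:
        value = s.get(name)
        if value is None:
            findings.append(f"{name} not set, PHP default is On")
        elif value.lower() in TRUTHY:
            findings.append(f"{name} = {value}")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(MUST_DISABLE - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

# Constructed sample (not from the article); the Windows path list is quoted so ';' is not a comment.
SAMPLE = """\
[PHP]
expose_php = Off
display_errors = On   ; left on from development
disable_functions = phpinfo,system,exec,passthru
open_basedir = "C:\\www\\site;C:\\www\\tmp"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A directive that is absent from the file is reported as well, because PHP then falls back to its default of On.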