본문 바로가기

리눅스

[리눅스] apache(httpd), PHP 버전 숨기기

728x90

apache(httpd), PHP 버전 숨기기

서버 HTTP 헤더를 보는 방법(apache 및 PHP 버전 확인)

wget 명령

wget --server-response --spider localhost

$ wget --server-response --spider localhost
Spider mode enabled. Check if remote file exists.
--2022-03-08 21:54:05--  http://localhost/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Date: Tue, 08 Mar 2022 12:54:05 GMT
  Server: Apache/2.4.6 (CentOS) PHP/7.4.28
  X-Powered-By: PHP/7.4.28
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.

curl 명령

curl --head localhost

$ curl --head localhost
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 12:56:46 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.4.28
X-Powered-By: PHP/7.4.28
Content-Type: text/html; charset=UTF-8

apache(httpd) 버전 숨기기

$ vim httpd.conf
...
ServerTokens Prod
ServerSignature Off
...

PHP 버전 숨기기

php.ini 파일 경로 찾기

php --ini | egrep "Loaded Configuration File"

$ php --ini | egrep "Loaded Configuration File"
Loaded Configuration File:         /etc/php.ini

PHP 버전 숨기기

sed -i "s/expose_php = On/expose_php = Off/g" /etc/php.ini

$ sed -i "s/expose_php = On/expose_php = Off/g" /etc/php.ini

apache, PHP 숨기기 적용 후 HTTP 헤더 확인

$ wget --server-response --spider localhost
Spider mode enabled. Check if remote file exists.
--2022-03-08 22:17:20--  http://localhost/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Date: Tue, 08 Mar 2022 13:17:20 GMT
  Server: Apache
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
$ curl --head localhost
HTTP/1.1 200 OK
Date: Tue, 08 Mar 2022 13:17:12 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
728x90