hide server info

<?php

/*
wamp64\bin\apache\apache2.4.18\conf
httpd.conf
 ServerSignature On 
 ServerTokens Full 

Server:Apache/2.4.18 (Win64) PHP/5.6.19

X-Powered-By:PHP/5.6.19

*/

<?php

header('X-Powered-By: ASP.NET');

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature On

 ServerTokens Full 

Server:Apache/2.4.18 (Win64) PHP/5.6.19

X-Powered-By:ASP.NET

*/

<?php

header('Server: ASP.NET');

header('X-Powered-By: ASP.NET');

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature On

 ServerTokens Full 

Server:Apache/2.4.18 (Win64) PHP/5.6.19

X-Powered-By:ASP.NET

*/

<?php

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature Off

 ServerTokens Full 

Server:Apache/2.4.18 (Win64) PHP/5.6.19

X-Powered-By:ASP.NET

*/

<?php

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature Off

 ServerTokens ProductOnly 

Server:Apache

X-Powered-By:PHP/5.6.19

*/

<?php

 header('X-Powered-By: ASP.NET');

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature Off

 ServerTokens ProductOnly 

Server:Apache

X-Powered-By:ASP.NET

*/

<?php

 header('X-Powered-By: yuanjiangw');

/*

wamp64\bin\apache\apache2.4.18\conf

httpd.conf

 ServerSignature Off

 ServerTokens ProductOnly 

Server:Apache

X-Powered-By:yuanjiangw

*/

https://httpd.apache.org/docs/2.4/mod/core.html#serversignature

ServerSignature Directive

Description:	Configures the footer on server-generated documents
Syntax:	`ServerSignature On\|Off\|EMail`
Default:	`ServerSignature Off`
Context:	server config, virtual host, directory, .htaccess
Override:	All
Status:	Core
Module:	core

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents (error messages,mod_proxy ftp directory listings, mod_info output, ...). The reason why you would want to enable such a footer line is that in a chain of proxies, the user often has no possibility to tell which of the chained servers actually produced a returned error message.

The Off setting, which is the default, suppresses the footer line (and is therefore compatible with the behavior of Apache-1.2 and below). The Onsetting simply adds a line with the server version number and ServerName of the serving virtual host, and the EMail setting additionally creates a "mailto:" reference to the ServerAdmin of the referenced document.

After version 2.0.44, the details of the server version number presented are controlled by the ServerTokens directive.

ServerTokens Directive

Description:	Configures the `Server` HTTP response header
Syntax:	`ServerTokens Major\|Minor\|Min[imal]\|Prod[uctOnly]\|OS\|Full`
Default:	`ServerTokens Full`
Context:	server config
Status:	Core
Module:	core

This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

ServerTokens Full (or not specified): Server sends (e.g.): Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2
ServerTokens Prod[uctOnly]: Server sends (e.g.): Server: Apache
ServerTokens Major: Server sends (e.g.): Server: Apache/2
ServerTokens Minor: Server sends (e.g.): Server: Apache/2.4
ServerTokens Min[imal]: Server sends (e.g.): Server: Apache/2.4.2
ServerTokens OS: Server sends (e.g.): Server: Apache/2.4.2 (Unix)

This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

After version 2.0.44, this directive also controls the information presented by the ServerSignature directive.

Setting ServerTokens to less than minimal is not recommended because it makes it more difficult to debug interoperational problems. Also note that disabling the Server: header does nothing at all to make your server more secure. The idea of "security through obscurity" is a myth and leads to a false sense of safety.

秒客网

ServerSignature Directive

See also

ServerTokens Directive

See also

相关文章