删除 X-Powered-By
如何在 PHP 中删除 X-Powered-By 标头?我在 Apache 服务器上,我使用 php 5.21.我不能在 php 中使用 header_remove 函数,因为 5.21 不支持它.我使用了 Header unset X-Powered-By,它在我的本地机器上运行,但在我的生产服务器上运行.
如果php不支持ver
我认为这是由 expose_php 设置控制的/ini.core.php" rel="noreferrer">PHP.ini:
expose_php = 关闭
<块引用>
决定 PHP 是否可以公开它安装在服务器上的事实(例如,通过将其签名添加到 Web 服务器标头).它在任何方面都不是安全威胁,但它可以确定您是否在服务器上使用 PHP.
没有直接的安全风险,但正如 David C 指出的那样,暴露过时(并且可能易受攻击)的 PHP 版本可能会诱使人们尝试攻击它.
How can I remove X-Powered-By header in PHP? I am on an Apache Server and I use php 5.21. I can't use the header_remove function in php as it's not supported by 5.21. I used Header unset X-Powered-By, it worked on my local machine, but not on my production server.
If php doesn't support header_remove() for ver < 5.3, is there an alternative?
解决方案
I think that is controlled by the expose_php
setting in PHP.ini:
expose_php = off
Decides whether PHP may expose the fact that it is installed on the server (e.g. by adding its signature to the Web server header). It is no security threat in any way, but it makes it possible to determine whether you use PHP on your server or not.
There is no direct security risk, but as David C notes, exposing an outdated (and possibly vulnerable) version of PHP may be an invitation for people to try and attack it.
相关文章