How to disable version exposure in PHP and web servers (nginx, Apache)
By default, PHP exposes its version:
curl -vi localhost
< HTTP/1.1 200 OK
< Server: nginx/1.0.15
< Date: Fri, 01 Feb 2013 23:19:48 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=64
< X-Powered-By: PHP/5.4.8
As you can see, a single GET request is enough to learn the nginx and PHP versions running on the server:
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.8
To disable it, modify your /etc/php.ini file:
expose_php = Off
And in the http section of your nginx configuration:
server_tokens off;
And if you use Apache:
ServerTokens Prod
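To confirm the settings above took effect after reloading the services, the response headers can be checked automatically. The following is an added example, not part of the original post; the function name find_version_leaks and the AFTER sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag response headers that still disclose a software version.
# Reads raw response headers on stdin, e.g.:  curl -sI http://localhost/ | find_version_leaks
# Prints each offending header; returns 1 if any were found, 0 if clean.
find_version_leaks() {
    # - drop CRs (HTTP header lines end in CRLF)
    # - drop the "< " prefix that curl -v puts before response headers
    # - match any X-Powered-By header (expose_php = Off removes it entirely)
    #   or a Server header carrying a "product/<digit>" version token
    #   (server_tokens off / ServerTokens Prod keep the product name only)
    if tr -d '\r' | sed 's/^< //' |
        grep -iE '^(x-powered-by:|server:[[:space:]]*[^[:space:]]+/[0-9])'; then
        return 1
    fi
    return 0
}

# Headers from the response shown above, before hardening.
BEFORE='< Server: nginx/1.0.15
< Content-Type: text/html
< X-Powered-By: PHP/5.4.8'

# Constructed sample: the same response with expose_php = Off and server_tokens off.
AFTER='< Server: nginx
< Content-Type: text/html'

printf '%s\n' "$BEFORE" | find_version_leaks || echo "before: version disclosed"
printf '%s\n' "$AFTER" | find_version_leaks && echo "after: clean"
```

The non-zero return on a leak makes the function usable as a deployment or monitoring check.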