So this is a simple change that will apply to php and not really to the web service. I took this from an apache tip page. So if you curl your page’s headers you should see your version of php listed as “X-Powered-By”

neoproxy@apex[~]$ curl -I 8bitpipe.com
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2013 15:11:02 GMT
Server: nginx
Connection: Keep-Alive
X-Pingback: http://8bitpipe.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3

To turn this off, go into php.ini and find expose_php and change it to off. This is on by default so if you can’t find it, add the following in the [php] section:

expose_php = Off

Afterwards you will need to restart php-cgi, php-fpm, or apache, depending on what you’re using. Then when you check the headers:

neoproxy@apex[~]$ curl -I 8bitpipe.com
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2013 15:17:34 GMT
Server: nginx
Connection: Keep-Alive
X-Pingback: http://8bitpipe.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

  • http://www.ducea.com/2006/06/16/apache-tips-tricks-hide-php-version-x-powered-by/
  • http://www.php.net/manual/en/ini.core.php#ini.expose-php
Leave a Reply