Sometimes you may need to hide x-powered-by in Apache/PHP server to protect your web server’s identity and prevent malicious attackers from exploiting its security vulnerabilities. In this article, we will look at how to remove x-powered-by in Apache/PHP.
How to Remove x-powered-by in Apache/PHP
There are multiple ways to remove x-powered-by in Apache/PHP. We will look at each of them one by one.
Also read : How to Disable HTTP OPTIONS methods in Apache
If you have access to php.ini file (PHP configuration) file, typically found at /etc/php.ini or /etc/php5/apache2/php.ini depending on your Linux distribution, then open terminal and run the following command to view php.ini in a text editor.
$ sudo vi /etc/php.ini
Find the following line.
Change it to the following, to hide x-powered-by header
expose_php = off
Save and close the file.
Restart Apache server to apply changes.
$ sudo service apache2 restart
Using PHP code
If you don’t have access to php.ini, just add the following to your PHP response, to remove or overwrite the x-powered-by header before sending it to the client.
The following function will remove x-powered-by header
Also Read : How to enable mod_rewrite in XAMPP, WAMP
The following function will replace the x-powered-by header value ‘ABC’. You can change it as per your requirement.
As you can see it is easy to remove x-powered-by header in Apache/PHP.