Scope: Meant for admins, but affecting customers in a very minor way
Hi everyone! Nice to see that Enhance now has a community as well! One pet peeve of the current Apache+PHP deployment is that by default it is leaking version numbers in every single response, namely:
Server: Apache/2.4.54 (Unix) OpenSSL/1.1.1n
X-Powered-By: PHP/8.1.12
While the latter can be avoided by manually disabling expose_php in the PHP configuration editor, I was unable to find any solution for suppressing the Apache server version. The configuration directive ServerTokens obviously exists, but it does not work within a .htaccess file and if I'm not mistaken there is no way to customise the Apache configuration on a global level.
I would propose that these two defaults be established to avoid leaking this information to the public:
ServerTokens Prod to only send Server: Apache
expose_php = off to avoid X-Powered-By
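
An added example, not part of the original post: a small Python check that reads a raw response header block and lists every versioned product token in the Server and X-Powered-By headers. The two samples are constructed, the first from the headers quoted in the post and the second from the result the proposed defaults would give; the function and constant names are hypothetical.

```python
import re

# Product tokens that carry a version, e.g. "Apache/2.4.54" or "PHP/8.1.12".
VERSIONED_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d[\w.]*)")
# Headers named in the post; header names are compared case-insensitively.
CHECKED_HEADERS = ("server", "x-powered-by")

# Constructed sample: the headers quoted in the post.
BEFORE = """HTTP/1.1 200 OK
Server: Apache/2.4.54 (Unix) OpenSSL/1.1.1n
X-Powered-By: PHP/8.1.12
Content-Type: text/html
"""

# Constructed sample: ServerTokens Prod and expose_php = off applied.
AFTER = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
"""


def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue  # status line or blank line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def version_leaks(raw):
    """Return (header, product, version) for each versioned token found."""
    findings = []
    headers = parse_headers(raw)
    for name in CHECKED_HEADERS:
        for value in headers.get(name, []):
            for product, version in VERSIONED_TOKEN.findall(value):
                findings.append((name, product, version))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, version_leaks(sample) or "no version tokens")
```

To audit a live site, pass the output of `curl -sI` for that site to `version_leaks` in place of the constructed samples.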