Date: Fri, 15 Aug 2014 00:12:01 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u12
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8
A motivated attacker can make use of this information.
Consider turning it off:
Disable directory listing:
a2dismod autoindex
Disable the PHP version information in X-Powered-By:
php.ini
expose_php = Off
Hide the Apache version information:
/etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf
ServerTokens ProductOnly
ServerSignature Off
After the change:
Date: Fri, 15 Aug 2014 00:30:05 GMT
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8
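A way to check the result, as an added example that is not part of the original page: the function `audit_headers` (a name chosen here) reads response headers on stdin and flags an `X-Powered-By` header or a `Server` value that carries more than the bare product name. The two sample inputs are abbreviated from the before and after headers shown above.

```shell
#!/bin/sh
# Added example: flag response headers that disclose software versions.
# Reads raw HTTP response headers on stdin, for instance from
#   curl -sI http://localhost/ | audit_headers     (URL is an assumption)
# Prints one "LEAK: ..." line per finding; returns 1 if anything leaked.
audit_headers() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        }
        # With expose_php = Off this header should be absent entirely.
        name == "x-powered-by" { print "LEAK: " $0; leaks++; next }
        # With ServerTokens ProductOnly the value is a bare product name;
        # "/<digit>" or a parenthesised comment means version or OS detail.
        name == "server" && value ~ /\/[0-9]|\(/ { print "LEAK: " $0; leaks++ }
        END { exit (leaks > 0 ? 1 : 0) }
    '
}

# Sample input taken from the headers on this page (abbreviated).
BEFORE='Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u12
Content-Type: text/html;charset=utf-8'

AFTER='Server: Apache
Content-Type: text/html;charset=utf-8'

printf '%s\n' "$BEFORE" | audit_headers || echo "before: version details exposed"
printf '%s\n' "$AFTER"  | audit_headers && echo "after: clean"
```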