?
Solved

How to disable php version .htaccess

Posted on 2010-08-19
9
Medium Priority
?
918 Views
Last Modified: 2013-11-08
Hi,

I cannot change the php.ini on the (plesk) shared hosting server and I would like to disable the PHP Version Check.
Can I do that with the .htaccess?

Or is there a beter solution?

Thanks
0
Comment
Question by:HPvH
9 Comments
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 33480070
You might be able to use these directives to hide that, however, it will hide a lot of other webserver fingerprinting information as well.

ServerTokens Prod
ServerSignature Off
0
 

Expert Comment

by:ruthannbasnillo
ID: 33480098
If you have a directory which users can upload files into it's a good idea for security reasons to disable server-side parsing of scripts such as PHP. This post shows a couple of options using Apache's .htaccess files.

http://www.electrictoolbox.com/disable-php-apache-htaccess/
0
 
LVL 25

Expert Comment

by:madunix
ID: 33480205
you should  turn "Off" the "ServerSignature" parameter in httpd.conf which is "On" by default:
ServerSignature On|Off
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:HPvH
ID: 33480244
I cant change that, it is a shared hosting website
0
 
LVL 9

Expert Comment

by:jeremycrussell
ID: 33480340
Ok, you can set expose_php in you're php scripts/pages

ini_set('expose_php', 'Off');

You would just have to add to each php script/page...
0
 
LVL 11

Expert Comment

by:mattibutt
ID: 33482941
Why do you want to hide that information
0
 

Author Comment

by:HPvH
ID: 33483376
My McAfee security check came with it as a prio 2 for McAfee and a prio 5 for credit card companies.
0
 
LVL 9

Accepted Solution

by:
jeremycrussell earned 1000 total points
ID: 33485402
If you're doing this for PCI compliance, you might bug your hosting company to upgrade to latest stable releases on things, or find a new hosting company.. and you might look into dedicated server or vm hosting so you can have more control.

Additionally... the ServerSignatures directive can be place inside a VH, if you have any control over your VH config, you can apply that there.
0
 
LVL 9

Assisted Solution

by:jeremycrussell
jeremycrussell earned 1000 total points
ID: 33485413
Dote.. ServerSignatures directive can also be placed in .htacces.. forgot to mention that.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses
Course of the Month15 days, 16 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question