• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 922
  • Last Modified:

How to disable php version .htaccess


I cannot change the php.ini on the (plesk) shared hosting server and I would like to disable the PHP Version Check.
Can I do that with the .htaccess?

Or is there a beter solution?

2 Solutions
You might be able to use these directives to hide that, however, it will hide a lot of other webserver fingerprinting information as well.

ServerTokens Prod
ServerSignature Off
If you have a directory which users can upload files into it's a good idea for security reasons to disable server-side parsing of scripts such as PHP. This post shows a couple of options using Apache's .htaccess files.

Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP and CCIPCommented:
you should  turn "Off" the "ServerSignature" parameter in httpd.conf which is "On" by default:
ServerSignature On|Off
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

HPvHAuthor Commented:
I cant change that, it is a shared hosting website
Ok, you can set expose_php in you're php scripts/pages

ini_set('expose_php', 'Off');

You would just have to add to each php script/page...
Why do you want to hide that information
HPvHAuthor Commented:
My McAfee security check came with it as a prio 2 for McAfee and a prio 5 for credit card companies.
If you're doing this for PCI compliance, you might bug your hosting company to upgrade to latest stable releases on things, or find a new hosting company.. and you might look into dedicated server or vm hosting so you can have more control.

Additionally... the ServerSignatures directive can be place inside a VH, if you have any control over your VH config, you can apply that there.
Dote.. ServerSignatures directive can also be placed in .htacces.. forgot to mention that.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now