How to Remove x-powered-by in Apache/PHP
Sometimes you may need to hide the x-powered-by header on an Apache/PHP server to protect your web server's identity and make it harder for malicious attackers to target its security vulnerabilities. In this article, we will look at how to remove x-powered-by in Apache/PHP.
This code snippet, when added to your Apache server's configuration file (usually httpd.conf or a .htaccess file within your application's directory), will:
- RemoveHeader Server: This directive removes the default "Server" header that Apache normally sends, which usually reveals the Apache server version.
- RemoveHeader X-Powered-By: This directive specifically removes the "X-Powered-By" header, which would normally indicate that the server is running PHP.
To implement these changes:
- Locate the configuration file: Find the appropriate configuration file for your Apache server. This is typically httpd.conf in the main Apache configuration directory, but it could also be a .htaccess file within your application's directory for more specific configuration.
- Add the directives: Add the code snippet above to the desired location within the configuration file.
- Restart Apache: Restart the Apache server for the changes to take effect.
Note:
- Removing the "Server" header can help to slightly obscure the specific server software you are using, but it doesn't provide strong security.
- The primary purpose of removing these headers is to minimize the information available to potential attackers, making it slightly more difficult for them to identify vulnerabilities or exploit weaknesses in your server.
How to Remove x-powered-by in Apache/PHP
There are multiple ways to remove x-powered-by in Apache/PHP. We will look at each of them one by one.
Using php.ini
If you have access to the php.ini file (the PHP configuration file), typically found at /etc/php.ini or /etc/php5/apache2/php.ini depending on your Linux distribution, open a terminal and run the following command to open php.ini in a text editor.
$ sudo vi /etc/php.ini
Find the following line.
expose_php = on
Change it to the following to hide the x-powered-by header.
expose_php = off
Save and close the file.
Restart Apache server to apply changes.
$ sudo service apache2 restart
Using PHP code
If you don’t have access to php.ini, just add the following to your PHP response, to remove or overwrite the x-powered-by header before sending it to the client.
The following function will remove the x-powered-by header.
<?php
// Must run before any output is sent to the client.
header_remove("X-Powered-By");
?>
The following function will replace the x-powered-by header value with 'ABC'. You can change it as per your requirement.
<?php
// Must run before any output is sent to the client.
header("X-Powered-By: ABC");
?>
As you can see, it is easy to remove the x-powered-by header in Apache/PHP.
To implement this:
- Access your Apache configuration file: The location of this file varies depending on your operating system and Apache installation. Common locations include:
/etc/apache2/httpd.conf
/etc/apache2/apache2.conf
/usr/local/apache2/conf/httpd.conf
- Add the code: Open the configuration file in a text editor and add the code snippet within the appropriate section (often within the <VirtualHost> block for a specific website).
- Restart Apache: Save the configuration file and restart the Apache web server for the changes to take effect. You can usually do this with commands like:
sudo systemctl restart apache2 (on many Linux distributions)
sudo service apache2 restart (on some Linux distributions)
By removing these headers, you can slightly enhance the security of your web application by making it slightly harder for attackers to identify the specific server software and technologies you are using.
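To confirm that any of the methods above took effect, the response headers can be checked after the restart. The following is an added example, not code from the original article: a POSIX shell function that reads a captured header block and reports the two headers discussed here. The function name leaky_headers, the placeholder URL and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit response headers for the two headers this article covers.
# Against a site you run:  curl -sI https://your-site.example/ | leaky_headers

# Reads raw response headers on stdin and prints one line per finding.
# Returns 0 when nothing is disclosed, 1 otherwise.
leaky_headers() {
    found=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                         # header lines end in CRLF
        case $line in *:*) ;; *) continue ;; esac  # skip status line and blank line
        # Header names are case-insensitive, so normalise before matching.
        name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
        value=${line#*:}
        value=${value# }
        case $name in
            x-powered-by)
                # Reported for any value, including an overwritten one.
                echo "X-Powered-By present: $value"; found=1 ;;
            server)
                # A bare product name carries no version; a slash or digit does.
                case $value in
                    */*|*[0-9]*) echo "Server reveals version detail: $value"; found=1 ;;
                esac ;;
        esac
    done
    return "$found"
}

# Constructed sample: response before the change (version numbers are made up).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.0 (Ubuntu)\r\nX-Powered-By: PHP/7.0.0\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: response after expose_php = off and a trimmed Server header.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

sample_before | leaky_headers || echo "before: headers disclose software details"
sample_after  | leaky_headers && echo "after: nothing disclosed"
```

A non-zero exit status makes the function usable as a post-deployment check in a script or CI job.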