Yadda ake Ɓoye Lambar Sigar PHP a cikin Header HTTP


Tsarin PHP, ta tsohuwa yana ba da damar uwar garken HTTP mayar da martani 'X-Powered-By' don nuna nau'in PHP da aka shigar akan sabar.

Don dalilan tsaro na uwar garken (ko da yake ba babbar barazana ce da za a damu ba), ana ba da shawarar cewa ka kashe ko ɓoye wannan bayanin daga maharan waɗanda za su iya kai hari ga uwar garken ta hanyar son sanin ko kuna gudanar da PHP ko a'a.

Zaton wani nau'in PHP na musamman da aka sanya akan sabar ku yana da ramukan tsaro, kuma a gefe guda, maharan sun san wannan, zai zama mafi sauƙi a gare su don amfani da raunin da kuma samun damar shiga ta hanyar rubutun.

A cikin labarin da na gabata, na nuna yadda ake ɓoye lambar sigar apache, inda kuka ga yadda ake kashe sigar shigar Apache. Amma idan kuna gudanar da PHP a cikin sabar gidan yanar gizonku na apache kuna buƙatar ɓoye sigar shigar da PHP kuma, wannan shine abin da zamu nuna a cikin wannan labarin.

Saboda haka, a cikin wannan sakon, za mu yi bayanin yadda ake ɓoye ko kashewa yana nuna lambar sigar PHP a cikin uwar garken martani na HTTP.

Ana iya saita wannan saitin a cikin fayil ɗin daidaitawar PHP. Idan baku san wurin da wannan fayil ɗin saitin yake akan sabar ku ba, gudanar da umarnin da ke ƙasa don nemo shi:

$ php -i | grep "Loaded Configuration File"
---------------- On CentOS/RHEL/Fedora ---------------- 
Loaded Configuration File => /etc/php.ini

---------------- On Debian/Ubuntu/Linux Mint ---------------- 
Loaded Configuration File => /etc/php/7.0/cli/php.ini

Kafin yin kowane canje-canje ga fayil ɗin sanyi na PHP, Ina ba da shawarar ku da farko yin madadin fayil ɗin daidaitawar PHP ɗinku kamar haka:

---------------- On CentOS/RHEL/Fedora ---------------- 
$ sudo cp /etc/php.ini /etc/php.ini.orig

---------------- On Debian/Ubuntu/Linux Mint ---------------- 
$ sudo cp /etc/php/7.0/cli/php.ini  /etc/php/7.0/cli/php.ini.orig  

Sannan buɗe fayil ɗin ta amfani da editan da kuka fi so tare da babban gata mai amfani kamar haka:

---------------- On CentOS/RHEL/Fedora ---------------- 
$ sudo vi /etc/php.ini

---------------- On Debian/Ubuntu/Linux Mint ---------------- 
$ sudo vi /etc/php/7.0/cli/php.ini

Nemo mabuɗin exose_php kuma saita ƙimarta zuwa Kashe:

expose_php = off

Ajiye fayil ɗin kuma fita. Bayan haka, sake kunna sabar gidan yanar gizon kamar haka:

---------------- On SystemD ---------------- 
$ sudo systemctl restart httpd
$ sudo systemctl restart apache2 

---------------- On SysVInit ---------------- 
$ sudo service httpd restart
$ sudo service apache2 restart

Ƙarshe amma ba kalla ba, bincika idan uwar garken HTTP martanin taken har yanzu yana nuna lambar sigar PHP ɗinku ta amfani da umarnin da ke ƙasa.

$ lynx -head -mime_header http://localhost 
OR
$ lynx -head -mime_header http://server-address

inda flags:

  1. -head - yana aika buƙatun HEAD don masu rubutun mime.
  2. -mime_header - yana buga taken MIME na daftarin aiki tare da tushen sa.

Lura: Tabbatar cewa an shigar da lynx - mai binciken gidan yanar gizon umarni akan tsarin ku.

Shi ke nan! A cikin wannan labarin, mun bayyana yadda ake ɓoye lambar sigar PHP a cikin uwar garken martani na HTTP don kare sabar gidan yanar gizo daga yiwuwar harin. Kuna iya ƙara ra'ayi zuwa wannan post ɗin ko wataƙila yin kowace tambaya mai alaƙa ta hanyar sharhin da ke ƙasa.