Menu Close

Tag: apache

Apache – Hide PHP Version (X-Powered-By)


Applies: apache 1.3.x / apache 2.0.x Required apache module: mod-php4/mod-php5 Scope: php.ini Type: security

Description: How to hide the PHP version to remote requests. Useful: to not disclose un-needed information. As shown in Discover the web server software and version of a remote server anyone can find our valuable information from our apache server banner… This will show you how to suppress the PHP banner X-Powered-By.

Hide Apache version from hackers

A first line of defense in web application world is to hide as much info as possible from HTTP headers!

In this article we will see how easy it is to hide apache’s version number.

1. Keep a backup of file /etc/apache2/apache2.conf.

2. Open /etc/apache2/apache2.conf file for edit. For ubuntu users issue the following command:

sudo nano /etc/apache2/apache2.conf

Hosting multiple websites with Apache2


One of the most common Apache2 questions I’ve seen on Debian mailing lists is from users who wonder how to host multiple websites with a single server. This is very straightforward, especially with the additional tools the Debian package provides.

We’ve previously discussed some of the tools which are included in the Apache2 package, but what we didn’t do was show they’re used from start to finish.

There are many different ways you can configure Apache to host multiple sites, ranging from the simple to the complex. Here we’re only going to cover the basics with the use of the NameVirtualHost directive. The advantage of this approach is that you don’t need to hard-wire any IP addresses, and it will just worktm. The only thing you need is for your domain names to resolve to the IP address of your webserver.


Servername in Apache2

Towards the end of the install you will see this warning:

apache2: Could not reliably determine the server's fully qualified domain name,
using for ServerName

Although I’ll be going into some detail about the options and settings available in the main apache configuration file, let’s fix that warning straight away.

Open the main apache config:

sudo nano /etc/apache2/apache2.conf

At the bottom of the file add the following:

ServerName demo

Change the ServerName to your Slice hostname or a FQDN (remember this demo Slice has a hostname of ‘demo’).

Once done, save apache2.conf and gracefully restart Apache (this method of restarting won’t kill open connections):

sudo apache2ctl graceful

Now the warning has gone. Nice.

Setting up SSL: Ubuntu and Apache 2


Important Note!This steps were verified with Ubuntu 10.04 LTS, but this will be my last Ubuntu SSL how-to. I’ve switched to Debian — Ubuntu’s Unity interface is just plain silly on the desktop. So please refer to my Debian document in the future.This document requires that you’ve got a signed server.crt and a server.key file available. You may have just gone through my page Creating Certificate Authorities and self-signed SSL certificates. If not, go there first and follow the instructions.

The remaining steps involve Apache and other tweaks detailed step-by-step below. This file was originally written for Ubuntu 6.06, but has been kept current and verified with 10.04 Lucid Lynx. It should work with most/all releases in between — and probably Debian-based distros in general, with little or no modification.

Apache2 returns Internal Server Error serving HTTPS pages

Sometime configuring Apache2 for SSL it could return Internal Server Error.

If we look at error.log we have:

.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration

This message tell us that we don’t have the module Rewrite or the module is not enabled.

For solve this issue, we can simple do:

sudo a2enmod rewrite
sudo /etc/init.d/apache2 restart