Home>Article>Backend Development> How does PHP obtain the header information of a specified URL and hide and close it?
1. How to obtain the header information of the specified URL in PHP
Super simple, just one line of command:
Array ( [0] => HTTP/1.1 403 Forbidden [1] => Date: Sun, 24 Jan 2021 05:09:48 GMT [2] => Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1i PHP/7.3.26 [3] => Content-Length: 199 [4] => Connection: close [5] => Content-Type: text/html; charset=iso-8859-1 )
2. How to disable display or The method of hiding header information
is divided into two steps. The first step is to changeexpose_php = On
in thePHP.ini
file toexpose_php = Off
, after restartingApache
, take another look at
Array ( [0] => HTTP/1.1 403 Forbidden [1] => Date: Sun, 24 Jan 2021 05:10:50 GMT [2] => Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1i [3] => Content-Length: 199 [4] => Connection: close [5] => Content-Type: text/html; charset=iso-8859-1 )
After restarting, we can see that the information about thePHP
version is no longer displayed , but the information ofApache
and service name is still displayed. We need to be more thorough to ensure safety. We need to add two instructions to Apache's httpd.conf. First, let's confirm whether there are the following two configuration instructions in Apache's httpd.conf file. If not, directly add two lines of data at the bottom of the configuration file.
ServerTokens Prod ServerSignature Off
For the instruction configuration parameters of ServerTokens, please see the instructions below:
ServerTokens Prod 显示“Server: Apache” ServerTokens Major 显示 “Server: Apache/2″ ServerTokens Minor 显示“Server: Apache/2.2″ ServerTokens Min 显示“Server: Apache/2.2.17″ ServerTokens OS 显示 “Server: Apache/2.2.17 (Unix)” ServerTokens Full 显示 “Server: Apache/2.2.17 (Unix) PHP/5.3.5″ (如果未指定任何的值,这个是默认的返回信息)
Instructions for ServerSignature On:
When set to On, when a user requests to access the webpage of our website that does not exist, the server will display an error message. The error message will include the name of the server andApache
at the bottom of the page. Version and other related information are displayed, which will provide some convenience for some unscrupulous people to exploit known version vulnerabilities. So we'd better not display this information, we can set this parameter toOff
.
By modifying these two parameter configuration files, the final effect of obtainingheader
is as follows:
Array ( [0] => HTTP/1.1 403 Forbidden [1] => Date: Sun, 24 Jan 2021 04:54:49 GMT [2] => Server: Apache [3] => Content-Length: 258 [4] => Connection: close [5] => Content-Type: text/html; charset=iso-8859-1 )
Recommended: "php video tutorial"《php tutorial》
The above is the detailed content of How does PHP obtain the header information of a specified URL and hide and close it?. For more information, please follow other related articles on the PHP Chinese website!