You can turn off header responses in both apache and php. Inside the
php.ini you will find:

[ expose_php = Off ]

In the ini-dist its even switched off by default.
In the apache httpd.conf file you can set the following:

[ ServerSignature On ]

I believe you may also find some help in "mod_headers".

In short you can do alot with the configuration to mask what you are
running on what platform. If you are running FreeBSD you can even get it
to emulate the SYN packets (used for TCP operating system fingerprinting)
of alternative OS's (eg: Red Hat [why you would want people to think
you'd run RH, to I dont know] / Solaris).


>> Because its better to have someone waste time trying known hacks for a
>> platform I don't have than to have the same person not know the
>> platform and
>> start spending time figuring out what it is right off the bat.
> That will not work.. try the following:
> telnet yourserve 80
> and than type GET / HTTP1.0 and press Enter twice
> You'll see the server response which will tell anybody that the server
> is Apache and even the operation system it runs at.

Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software & Systems Engineer
First Creative

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to