The Note You're Voting On
marpetr at NOSPAM dot gmail dot com ¶18 years ago
I think the best way to hide PHP on Apache and Apache itself is this:
httpd.conf
-------------
# ...
# Minimize 'Server' header information
ServerTokens Prod
# Disable server signature on server generated pages
ServerSignature Off
# ...
# Set default file type to PHP
DefaultType application/x-httpd-php
# ...
php.ini
------------
; ...
expose_php = Off
; ...
Now the URLs will look like this:
http://my.server.com/forums/post?forumid=15
Now hacker knows only that you are using Apache.
