Applicable to:
- Plesk for Linux
Question
How to remove PHP version from the X-Powered-By HTTP header?
Answer
-
Navigate to Domains > example.com > PHP Settings.
-
Put the following line to the Additional configuration directives section:
CONFIG_TEXT: expose_php = off
-
Verify that the header is not shown anymore:
# curl -sIL example.com/index.php | grep -c PHP
-
Connect to the Plesk server via SSH.
Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.
-
Check if
php.ini
file for the handler contains theexpose_php
directive:# cat /opt/plesk/php/X.X/etc/php.ini | grep expose_php
expose_php = On- where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc
-
If the directive is present (the output of the command from step 2 is the same), change
expose_php = On
toexpose_php = Off
.
If not, create a new.ini
configuration file in the appropriate PHP directory:# echo 'expose_php = off' > /opt/plesk/php/X.X/etc/php.d/hideheader.ini
- where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc
-
Reload the Plesk PHP service configuration:
# service plesk-phpXX-fpm reload
-
where phpXX - a PHP version, e.g. php56, php70, php71, etc.
-
If the domains are using PHP FastCGI it is necessary to restart Apache webserver:
# systemctl restart httpd
-
-
Verify that the header is not shown anymore:
# curl -sIL example.com/index.php | grep -c PHP
-
Connect to the Plesk server via SSH.
Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.
-
In
/etc/psa-webmail/horde/horde/php.ini
or/etc/psa-webmail/roundcube/php.ini
set expose_php parameter as below:CONFIG_TEXT: expose_php = Off
-
Restart Apache:
# service httpd restart
-
Verify that the header is not shown anymore:
# curl -sIL webmail.example.com/index.php | grep PHP
Comments
2 comments
Hello @Arvind Kumar Madhukar,
Both approaches are correct.
If expose_php is set to Off directly in php.ini or included as php.d/hideheader.ini, PHP version displaying is disabled in these cases.
It can be checked using a query like the following:
# /opt/plesk/php/X.X/bin/php -i | grep expose_php
expose_php => Off => Off
Hey !
I have followed the same steps but it wasn't working, in order to accomplish the same, i have manually edit the each fpm php.ini file and reload the same.
Example For X.X
/opt/plesk/php/X.X/etc/php.ini
change expose_php = On to expose_php = Off
where X.X is my php versions.
Please sign in to leave a comment.