PHP :: Bug #35209 :: X-Powered-By: PHP/4.4.1 is visible with expose

Bug #35209	X-Powered-By: PHP/4.4.1 is visible with expose_php=off
Submitted:	2005-11-13 23:41 UTC	Modified:	2005-11-14 10:12 UTC
From:	ghost777ghost at hotmail dot com	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	4.4.1	OS:	Trustix 2.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2005-11-13 23:41 UTC] ghost777ghost at hotmail dot com

Description:
------------
I have compiled php 4.4.1, with apache 1.3.34 on a trustix secure linux 2.2. I can not get X-Powered-By header,
nor built-in Easter-eggs to disappear. 

expose_php = Off is set in php.ini

(expose_php = 0 behaves the same)


This is the output of a head-request:
........................................
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Sun, 13 Nov 2005 22:11:49 GMT
Server: Apache
X-Powered-By: PHP/4.4.1
Connection: close
Content-Type: text/html
........................................


compilation:

./configure --prefix=/usr/local/php --enable-memory-limit --enable-magic-quotes --enable-sockets --with-openssl --enable-force-cgi-redirect --enable-safe-mode --with-apache=/somedir/apache_1.3.34


Easter-egg:
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

I have php 4.4.0 with apache 1.3.33 on another trustix 2.2, and this setup responds to changes in expose_php, and it 
does not show X-Powered-By.

I will greatly appreciate any productive feedback to disable the exposure of php.


Best wishes from ghost

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-14 00:35 UTC] tony2001@php.net

Please check phpinfo() output and the value of expose_php there.

[2005-11-14 09:04 UTC] ghost777ghost at hotmail dot com

phpinfo() shows expose_php On 
in both Local Value and Master Value.

[2005-11-14 09:16 UTC] bjori@php.net

Please check which php.ini file is in use (with phpinfo()) and verify you changed expose_php in that file (restart apache)

[2005-11-14 09:53 UTC] ghost777ghost at hotmail dot com

And problem was solved.

'--prefix=/usr/local/php' sends php.ini to '/usr/local/php/lib'

I did a 'cp php.ini-dist /usr/local/lib/php.ini'

Anyway:
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 14 Nov 2005 08:29:38 GMT
Server: Apache
Connection: close
Content-Type: text/html

I am very sorry for reporting a bogus and using your 
valuable time as support. This was not my intention. Thank 
you for all help, and keep up your great work - we all love php;)

[2005-11-14 10:12 UTC] johannes@php.net

No Bug -> Bogus

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 27 23:01:30 2024 UTC