For security reasons: Turn off outputting PHP Version and also Webserver Version
PHP configuration:
Add the following Lines for Security Reasons!
expose_php = off
server_tokens off
Why didn't Plesk decide to make these lines available as options in Plesk?
In my opinion, no one cares which version I use when it comes to port scanning / Shodan.io. Especially with Shodan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.
I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of the web server (Nginx / Apache) and PHP should be made public at all.
I suggest GUI options:
- "Show PHP version publicly" = On / Off (default: expose_php = off)
- "Show web server version" = On / Off (server_tokens off)
Thank you for your idea! We will consider this functionality in upcoming releases if it is popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
[Deleted User] commented
Thank you, Plesk Staff, for considering this functionality in upcoming releases if it will be popular ;-)
This feature should be easy to implement and protect millions of domains if you follow my advice and do zero trust.
TIA
Jan