Skip to content

I suggest you...

← Feature Suggestions

For security reasons: Turn off outputting PHP Version and also Webserver Version

PHP configuration:
Add the following Lines for Security Reasons!

exposephp = off
servertokens off

Why didn't Plesk decide to make these lines available as options in Plesk, as options?
In my opinion, no one cares which version I use when it comes to port scanning / Showdan.io. Especially with Showdan.io, you can filter computers that are vulnerable in seconds, e.g. find web servers or PHP versions that are problematic.

I ask for options in the GUI for ON / OFF, although someone at Plesk should first explain to me why these version numbers of vo, web server Nginx / Apache and PHP should be made public at all?
I suggest GUI options:
- "Show PHP version publicly" = On / Off (default: exposephp = off)
- "Show web server version" = On / Off (servertokens off)

12 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • [Deleted User] commented  ·   ·  Report

    Thank you Plesk Staff for consider this functionality in upcoming releases if it will be popular ;-)

    this feature should be easy to implement and protect millions of domains if you follow my advise and doing zero trust.

    TIA
    Jan

Feature Suggestions: Security

Categories

Feedback and Knowledge Base

(thinking…)