Expose_php = off not working

at the first time , i try to use proxy_hide_header to strip it off , but it doesn't work

then I had changed the etc/php.ini , set the expose_php = Off

but the X-Powered-By header just still there

root@wordpress:~# ps -ef |grep php | grep -v grep
root     10643     1  0 23:22 ?        00:00:00 php-fpm: master process (/usr/local/php-5.3.26/etc/php-fpm.conf)                                                                                  
nobody   10644 10643  0 23:22 ?        00:00:00 php-fpm: pool www                                                                                                                                 
nobody   10645 10643  0 23:22 ?        00:00:00 php-fpm: pool www                                                                                                                                 
root@wordpress:~# 

my php version is php 5.3.26

Configure Command =>  './configure'  '--prefix=/usr/local/php-5.3.26' '--with-config-file-path=/usr/local/php-5.3.26/etc' '--enable-fpm' '--enable-debug' '--with-openssl' '--with-pcre-regex' '--with-zlib' '--with-bz2' '--with-curl=/usr/lib/' '--with-readline=/lib' '--with-libxml-dir=/usr/lib' '--with-mysql=/usr/local/mysql'

PHP Version => 5.3.26

System => Linux wordpress.ruby-mine.com 3.9.3-x86_64-linode33 #1 SMP Mon May 20 10:22:57 EDT 2013 x86_64
Build Date => Jun 11 2013 21:58:26
Configure Command =>  ./configure  --prefix=/usr/local/php-5.3.26 --with-config-file-path=/usr/local/php-5.3.26/etc --enable-fpm --enable-debug --with-openssl --with-pcre-regex --with-zlib --with-bz2 --with-curl=/usr/lib/ --with-readline=/lib --with-libxml-dir=/usr/lib --with-mysql=/usr/local/mysql
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /usr/local/php-5.3.26/etc

and I also note that , the output of php -i shows that expose_php = on

root@wordpress:/usr/local/php/etc# php -i | grep Configuration
Configuration File (php.ini) Path => /usr/local/php-5.3.26/etc
Loaded Configuration File => (none)
Configuration
root@wordpress:/usr/local/php/etc# 


root@wordpress:/usr/local/php-5.3.26/etc# ll /usr/local/php-5.3.26/etc/php.ini
-rw-rw-rw- 1 root root 69628 Jun 11 22:51 /usr/local/php-5.3.26/etc/php.ini
root@wordpress:/usr/local/php-5.3.26/etc# 

This article describes how to enable and disable the expose_php directive in a custom php.ini file.

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

This article assumes that you have already set up a custom php.ini file on your web site. If you have not already set up a custom php.ini file, please read this article first.

Using the expose_php directive

When the expose_php directive is enabled, PHP includes the following line in the HTTP response header when a PHP page is requested (the exact version number may differ depending on your configuration):

X-Powered-By: PHP/5.3.27

By default, the expose_php directive is enabled. However, you may not want to broadcast the specific PHP version your site is using. Similarly, some third-party applications require the expose_php directive to be disabled.

To disable the expose_php directive, use a text editor to modify your php.ini file as follows:

expose_php = off

With the expose_php directive disabled, PHP will not send the X-Powered-By header. To re-enable the expose_php directive and send the X-Powered-By header, modify your php.ini file as follows:

expose_php = on

To verify the current value of the expose_php directive and other directives, you can use the phpinfo() function. For more information, please see this article.

More Information

• To view a complete list of php.ini directives, please visit http://www.php.net/manual/en/ini.list.php.
• For more information about the expose_php directive, please visit http://docs.php.net/manual/en/ini.core.php#ini.expose-php.

According to phpinfo:

Loaded Configuration File: /etc/php5/fpm/php.ini

# grep expose_php /etc/php5/fpm  -R
    /etc/php5/fpm/php.ini:expose_php = Off
    /etc/php5/fpm/pool.d/www.conf:php_flag[expose_php] = off

# curl -I https://MyHost.loc/i.php | head | grep X-Powered-By
X-Powered-By: PHP/5.5.9-1ubuntu4

Can someone confirm this in Ubuntu 14.04?

Any idea how to get rid of X-Powered-By?

asked Apr 16, 2014 at 10:56

RufinusRufinus

1912 silver badges9 bronze badges

It seems there is a bug in the init script. restart didnt restarted the php fpm but didnt reported a problem either. stop & start worked and lead the no more X-Powered-By.

answered Apr 16, 2014 at 12:11

RufinusRufinus

1912 silver badges9 bronze badges

Add proxy_hide_header X-Powered-By; to the corresponding nginx site-enabled file and restart it.

answered Apr 24, 2017 at 10:19

HumberHumber

4512 gold badges7 silver badges17 bronze badges

I had a similar problem with bitnami's wordpress image where php-fpm is wrapped. It wasn't a bug with restart or anything, it was a configuration format problem.

The format for configuration that worked for me: php_flag[expose_php]=off

echo "php_flag[expose_php]=off" >> /opt/bitnami/apps/wordpress/conf/php-fpm/php-settings.conf
cd /opt/bitnami
./ctlscript.sh restart php-fpm

answered Dec 21, 2017 at 15:12

GabLeRouxGabLeRoux

1631 silver badge7 bronze badges

Should I turn off expose_php?

How to turn off expose_ PHP?