Server Signature

RaGe10940
10 February 2013, 02:44
Hiawatha version: 8.7
Operating System: Ubuntu 12.04 Desktop

http://www.freeimagehosting.net/kjnnt

^^^^^ is the screenshot of a Firebug prompt that I was just testing my app on. I wanted to know if there is an option to remove the server from the response to the client, as that is a good deal of information a malicious user can use against you.

I also fear even if I use the access list the attacker will be served with this information. (not sure but it is easy to test)
RaGe10940
10 February 2013, 02:47
This is a full screen on the info that Firebug exposes. Also, this is non-SSL.

http://www.freeimagehosting.net/vw2ff
RaGe10940
10 February 2013, 03:28
ServerString = nginx/1.0.6 (lol)

But I still have the PHP showing. I have php_expose=off. Any other tricks?
Hugo Leisink
10 February 2013, 07:52
Ah, you found the ServerString option.

Make sure you edited the right php.ini. There is one for cli, cgi and fpm. If you run PHP as a FastCGI daemon, restart it after changing php.ini.
RaGe10940
10 February 2013, 13:26
I had no idea of that option for Hiawatha, but then I started reading your change logs and I saw a command I had never seen before, so I went to the man pages. And I will get back to you when I get this to work.
RaGe10940
10 February 2013, 13:34
http://www.freeimagehosting.net/2znlh

http://www.freeimagehosting.net/2gpq6

Well I'm not the smartest one out there but I do know how to play with the .ini files. I have expose=off and I only have php-fpm running. Nothing else. Any other tips?
Hugo Leisink
10 February 2013, 21:45
Did you restart PHP after changing php.ini? Is the virtual host a reverse proxy host? In that case, the PHP header is coming from another server.
RaGe10940
11 February 2013, 13:20
Nope, not a reverse proxy, just a localhost server on my test bench (my lappy), and yes, I have reloaded, restarted, stopped, started, pulled my hair... all this to no avail.
Hugo Leisink
11 February 2013, 13:57
Can you show me your Hiawatha configuration?
RaGe10940
11 February 2013, 17:23
http://codetidy.com/4607/

It was quite long so I just uploaded it to codetidy.
Hugo Leisink
12 February 2013, 14:08
It all looks ok. I have no idea why the PHP HTTP header won't go away...
This topic has been closed.
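
Added example, not part of the original thread and not Hiawatha or PHP project code: a shell check for the advice above about editing the right php.ini. It reports the effective `expose_php` value (the PHP directive that controls the X-Powered-By header) for each file passed to it; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit php.ini files for the effective expose_php setting (added example).

# Print the effective expose_php value of one php.ini, or "(unset)".
# Directive names are case sensitive and the last assignment wins.
effective_expose_php() {
    awk '
        /^[ \t]*expose_php[ \t]*=/ {      # lines starting with ";" never match
            val = $0
            sub(/^[^=]*=/, "", val)       # drop the "key =" part
            sub(/;.*$/, "", val)          # drop a trailing ; comment
            gsub(/[ \t"\r]/, "", val)     # drop blanks, quotes, CR
            last = tolower(val); found = 1
        }
        END { print (found ? last : "(unset)") }
    ' "$1"
}

# Return 0 if PHP would send X-Powered-By with this php.ini, 1 otherwise.
header_exposed() {
    case "$(effective_expose_php "$1")" in
        "(unset)"|1|on|true|yes) return 0 ;;  # unset: built-in default is On
        *) return 1 ;;
    esac
}

# Print one status line per existing file.
audit_php_inis() {
    for ini in "$@"; do
        [ -f "$ini" ] || continue
        if header_exposed "$ini"; then state=EXPOSED; else state=hidden; fi
        printf '%-8s %s (expose_php=%s)\n' "$state" "$ini" \
            "$(effective_expose_php "$ini")"
    done
}

# Constructed sample tree: one php.ini per SAPI, as described in the thread.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/cli" "$d/cgi" "$d/fpm"
    printf 'expose_php = Off\n' > "$d/cli/php.ini"                  # edited file
    printf '; expose_php = Off\nexpose_php = On\n' > "$d/fpm/php.ini" # untouched
    printf 'php_expose = off\n' > "$d/cgi/php.ini"   # different key: directive unset
    audit_php_inis "$d"/*/php.ini
    rm -rf "$d"
}
demo
```

On a real host, pass the per-SAPI files to `audit_php_inis` (on Ubuntu 12.04 the php5 packages are assumed to use `/etc/php5/cli/php.ini`, `/etc/php5/cgi/php.ini` and `/etc/php5/fpm/php.ini`). The check reads files only; a running FastCGI daemon still has to be restarted to pick up a change.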