PhpSecInfo Test Information

expose_php

Test Description

This test determines if the expose_php setting is enabled.

Security Implications

When enabled, expose_php reports in every response that PHP is being used to process the request, and which version of PHP is installed. Malicious users looking for potentially vulnerable targets can use this information to identify a weakness.

expose_php is enabled by default.

Recommendations

Turn expose_php off. It won't by itself fend off a determined attacker, but it will lower visibility to attacks that rely on simple reconnaissance techniques to scan for vulnerable targets.

You can only disable expose_php in the php.ini file:

; Disable expose_php for security reasons
expose_php = Off
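
To confirm the change took effect, the added example below (not part of PhpSecInfo or the original page) reads the effective expose_php value from a php.ini and looks for the X-Powered-By banner PHP sends when the setting is on. It assumes a single php.ini with no per-host or per-path sections and no additional scanned .ini files; the function names and sample data are constructed for illustration.

```python
import re

# Words PHP reads as boolean true for an ini directive (case-insensitive).
TRUE_WORDS = {"on", "yes", "true"}

def ini_bool(raw):
    """Interpret a php.ini value the way PHP reads a boolean directive."""
    value = raw.strip().strip("'\"").strip().lower()
    if value in TRUE_WORDS:
        return True
    digits = re.match(r"[+-]?\d+", value)   # anything else falls back to an integer parse
    return bool(digits) and int(digits.group()) != 0

def effective_expose_php(ini_text):
    """Effective expose_php for one php.ini; enabled when the directive is absent."""
    enabled = True                                     # PHP's built-in default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()           # drop ';' comments
        m = re.match(r"expose_php\s*=\s*(.*)$", line)  # directive names are case-sensitive
        if m:
            enabled = ini_bool(m.group(1))             # a later assignment overrides an earlier one
    return enabled

def php_banners(headers):
    """Return X-Powered-By values that disclose PHP in a list of (name, value) headers."""
    return [v for k, v in headers
            if k.lower() == "x-powered-by" and v.strip().upper().startswith("PHP")]

# Constructed sample inputs (not taken from a real server).
SAMPLE_INI = """\
; expose_php = Off
[PHP]
expose_php = 'off'
"""
SAMPLE_HEADERS = [("Content-Type", "text/html"), ("X-Powered-By", "PHP/8.1.2")]

if __name__ == "__main__":
    print("php.ini leaves expose_php enabled:", effective_expose_php(SAMPLE_INI))
    print("banner still served:", php_banners(SAMPLE_HEADERS))
```

A banner that is still served after the php.ini edit usually means a different php.ini is being loaded or the web server has not been restarted.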
