I'm using WAMP and wanted to know if it's ok for the forbidden page to show the services (Apache/PHP) and their version numbers? Is this standard practice?
Thanks
I'm using WAMP and wanted to know if it's ok for the forbidden page to show the services (Apache/PHP) and their version numbers? Is this standard practice?
Thanks
I think for a development system this is good practise while for a production system you should deactivate this feature. To do this you have to change the following lines in your httpd.conf/apache.conf:
ServerSignature off
ServerTokens prod
You would also have to set
expose_php off
in your php.ini to prevent php from showing the php version.