I've secured my server using "mod_security2" and changed the "Server:" header to a different value. It says: "Server: exampleserver". I used the following mod_security options:
ServerTokens Full
SecServerSignature exampleserver
A side effect is that $_SERVER["SERVER_SOFTWARE"] also equals "exampleserver".
Therefore the typical code to determine the server type no longer works:
if( strpos( $_SERVER['SERVER_SOFTWARE'], 'Apache') !== false)
echo 'Have Apache';
else
echo 'Have some other server';
While checking the information available from PHP, I found that this particular PHP7 setup has the "apache2handler" extension loaded in Apache.
So I updated my test to:
$isApache= extension_loaded('apache2handler')
||(strpos(getenv('SERVER_SOFTWARE'),'Apache')!==false);
Is there a better way to determine what the type of server is inside PHP when $_SERVER['SERVER_SOFTWARE'] is not available ?
