Category Archives: php5-fpm

Remove PHP X-Powered-By & Nginx Server Details from HTTP Response Header

To remove Server details from Response Header for e.g. security reasons, like

Server nginx/1.2.4
X-Powered-By PHP/5.3.17-1~dotdeb.0

it´s necessary to edit php.ini & nginx.conf as follows.

PHP:
To remove X-Powered-By completely, expose_php should be disabled in php.ini.
...
expose_php = Off
...


Nginx:

To remove Server Version from Header, server_tokens should be disabled in nginx.conf.
...
server_tokens off;
...

See also:
http://wiki.nginx.org/HttpCoreModule#server_tokens
http://forum.nginx.org/read.php?11,1646
http://wiki.nginx.org/NginxHttpHeadersMoreModule


concrete5 nginx configuration

Error:
“Concrete cannot parse the PATH_INFO or ORIG_PATH_INFO information provided by your server.”

Solution:

    location / {
      try_files $uri $uri/ /index.php/$request_uri;
    }

	location ~ \.php($|/) {
		set $script $uri;
		if ($uri ~ "^(.+\.php)(/.+)") {
			set $script $1;
		}
		include /etc/nginx/fastcgi_params;
		fastcgi_pass IP:Port;
		#fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_script_name;
		fastcgi_param  URI $uri;
		fastcgi_intercept_errors on;
	}

http://blog.walterebert.com/using-prtty-urls-in-concrete5-with-nginx