Disable X-Powered-By PHP version header via expose_php flag #169

Open
wants to merge 1 commit into
base: master

jakejarvis

Hello! This is a small change to the four php.ini files that would remove the X-Powered-By header, which publicly exposes the current PHP version we're including.

Advertising this isn't a huge deal but it's arguably a small security risk if an exploit becomes available for an outdated Matomo instance, and disabling it in production is considered a good idea these days.

Thanks!

@jakejarvis
Author

Just noticed this would close issue #167 as well. 😊

@J0WI J0WI added the upstream label Sep 12, 2020
@OskarsPakers

OskarsPakers commented Mar 11, 2021

Any chance to get this merged? It's simple, straightforward and low risk.

@williamdes

🏓 Also looking for this one to add a bit more security

@williamdes

Solution:

        volumes:
    #      - ./config:/var/www/html/config:rw
    #      - ./logs:/var/www/html/logs
          - matomo:/var/www/html
          - ./php.ini:/usr/local/etc/php/conf.d/php-matomo-custom.ini:ro

Add a custom file with the line added in this PR
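
A way to confirm that an override file like the one mounted above actually takes effect, as an added example that is not part of this thread or of the project's code. The function names, the `localhost:8080` URL in the comment and the assumption that the line in question is `expose_php = Off` are illustrative.

```shell
#!/bin/sh
# Added example; function names and the URL below are assumptions.

# Print the effective expose_php value ("on" or "off") for a conf.d-style
# directory. PHP reads the scanned .ini files in alphabetical order and the
# last assignment wins; with no assignment the built-in default is on.
effective_expose_php() {
    dir=$1
    value=on
    for f in "$dir"/*.ini; do
        [ -f "$f" ] || continue
        # Last uncommented "expose_php = ..." line in this file, if any.
        line=$(tr -d '\r' < "$f" |
               grep -E '^[[:space:]]*expose_php[[:space:]]*=' | tail -n 1)
        [ -n "$line" ] || continue
        # Keep only the value: drop the key, any trailing ";" comment, quotes.
        v=$(printf '%s' "$line" |
            sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*;.*$//; s/[[:space:]]*$//' |
            tr 'A-Z' 'a-z' | tr -d '"')
        # on/yes/true or a non-zero integer enable it; any other value
        # (off, no, false, none, empty) is treated as off in this check.
        case $v in
            on|yes|true) value=on ;;
            *[!0-9]*|'') value=off ;;
            *) if [ "$v" -ne 0 ]; then value=on; else value=off; fi ;;
        esac
    done
    printf '%s\n' "$value"
}

# Read HTTP response headers on stdin; succeed only when no X-Powered-By
# header is present (header names are case-insensitive, lines may end in CRLF).
no_powered_by_header() {
    ! tr -d '\r' | grep -qi '^x-powered-by[[:space:]]*:'
}

# Typical use against a running container (URL is an assumption):
#   effective_expose_php /usr/local/etc/php/conf.d
#   curl -sI http://localhost:8080/ | no_powered_by_header && echo "header absent"
```

Because a later file in the directory overrides an earlier one, checking the served response as well as the ini files catches the case where another file re-enables the setting.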
