Disable X-Powered-By PHP version header via expose_php flag

Open jakejarvis opened this issue 6 years ago • 4 comments

Hello! This is a small change to the four php.ini files that would remove the X-Powered-By header, which publicly exposes the current PHP version we're including.

Advertising this isn't a huge deal but it's arguably a small security risk if an exploit becomes available for an outdated Matomo instance, and disabling it in production is considered a good idea these days.

Thanks!

jakejarvis avatar Sep 04 '19 16:09 jakejarvis

Just noticed this would close issue #167 as well. 😊

jakejarvis avatar Sep 04 '19 16:09 jakejarvis

Any chance to get this merged? It's simple, straightforward and low risk.

OskarsPakers avatar Mar 11 '21 13:03 OskarsPakers

🏓 Also looking for this one to add a bit more security

williamdes avatar Aug 24 '21 16:08 williamdes

Solution:

    volumes:
      # - ./config:/var/www/html/config:rw
      # - ./logs:/var/www/html/logs
      - matomo:/var/www/html
      - ./php.ini:/usr/local/etc/php/conf.d/php-matomo-custom.ini:ro

Add a custom file with the line added in this PR

williamdes avatar Aug 24 '21 16:08 williamdes
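
One way to confirm that the mounted override took effect, as an added example that is not part of this thread or the project's code: a header audit that fails when a response still discloses PHP. The function names, the sample responses and the `localhost:8080` address are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for PHP version disclosure.
# Assumes the custom php.ini mounted above contains: expose_php = Off

# Print every header line that discloses PHP: any X-Powered-By naming PHP,
# or a Server header carrying a PHP/<version> token. Reads headers on stdin.
php_disclosure_headers() {
    tr -d '\r' | awk '
        {
            lower = tolower($0)
            name = lower
            sub(/:.*/, "", name)          # header name, case-folded
            if (name == "x-powered-by" && lower ~ /php/) print $0
            else if (name == "server" && lower ~ /php\/[0-9]/) print $0
        }'
}

# Exit status 0 when the headers are clean, 1 when PHP is still disclosed.
check_expose_php() {
    found=$(php_disclosure_headers)
    if [ -n "$found" ]; then
        printf 'FAIL: %s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample responses (not captured from a real server).
SAMPLE_EXPOSED='HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/7.3.9
Content-Type: text/html'

SAMPLE_HARDENED='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Live usage, assuming the container is published on localhost:8080:
#   curl -sI http://localhost:8080/ | check_expose_php
```

The non-zero exit status makes it usable as a CI or healthcheck step after an image rebuild.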