php - 如何禁用 PHP 的 "easter egg"URL？

Question

我最近发现了所谓的 "easter egg URLs"在 PHP 中:

These are the four QUERY strings you can add to the end of a PHP web page to view a (somewhat) hidden image or web page:

1. ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

This one is the most interesting, and displays an "easter egg" image of either a rabbit in a house (Sterling Hughes' rabbit, named Carmella), a brown dog in the grass, a black Scottish Terrier dog, a sloppy child hand-drawn, crayon-colored php logo, a guy with breadsticks (looks like pencils or french fries) sticking out of his mouth like a walrus, or a PHP elephant logo.

其他包括:

• ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42(PHP Logo )
• ?=PHPE9568F35-D428-11d2-A769-00AA001ACF42(Zend Logo )
• ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000(PHP 积分)

我震惊地发现这确实适用于很多网站，包括我自己的网站。我认为这是愚蠢的，想禁用它，但据我所知，唯一的方法是在 php.ini 中使用 expose_php = Off，它 can't be set at runtime用 ini_set().

我无法直接访问实时服务器上的 php.ini。 但是，我已经知道如何取消设置 X-Powered-By header 通过使用 Header unset X-Powered-By在 .htaccess 或 PHP 代码中的 header('X-Powered-By: ') 中。

有没有其他方法可以禁用这些“复活节彩蛋”，或者我必须在主 php.ini 中更改此设置(这确实是正确/唯一的方法禁用这些 URL)？

Answer 1

在 php.ini 中

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
 expose_php = Off

这将有效地去除复活节彩蛋