We can follow the below steps to remove the PHP X-Powered-By header from HTTP response for PHP 8.x apps on Linux App Service –
By default, PHP version is getting displayed as in the below screenshot-
Updating PHP Settings-
NOTE: If you already have an extensions.ini file, you can use the same command which will add the new setting to the file.
/home/site/ini>echo " expose_php = Off " >> settings.ini
If using SSH, you can use vi to create/edit the settings file using the following commands.
expose_php = Off
3. Press "Esc", then ":wq!" and enter to save.
Add an Application Setting-
We'll now need to go to the Azure Portal and add an Application Setting to scan the "ini" directory
1) Go to the Azure Portal (https://portal.azure.com) and select your App Service Linux PHP application.
2) Select Application Settings for the app.
3) Under the Application settings section, press the "+ Add new setting".
4) For the App Setting Name, enter "PHP_INI_SCAN_DIR". For the value, enter "/usr/local/etc/php/conf.d:/home/site/ini"
Testing –
Go to kudu site and run the command below and you can verify that PHP header is removed.
CURL -I <site url pointing to a PHP script>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.