For some people announcing what type of web applications you run may be undesirable. If you are developing in PHP and you want to hide the fact that you are using PHP, this tutorial will cover some steps to achieving this. Right now you might be scratching your head wondering why, but this is a very common question that we have received. So, it's time to put on a set of beer goggles to the world and hide that PHP you're running on your web server.
The first step we'll need to do is planning. We can think about this in a few ways, the first being what type of file extension should you use. The trick here is not coming up with a cool file extension and, yes ".ass" is a funny one, but come on :) The important thing is that if you are going use a file extension other than PHP, you should consider the fact that it may conflict with an application mime type, so you'll want to take a look at the available mime type file extensions out there and then choose something that isn't available. Here's a list that I have obtained from somewhere that I can not remember, but it's pretty much up to date. Mime Type File Extension List
Ok, so for the sake of keeping this fun, we're going to use ".ass" instead of ".php". The first thing we'll need to do is setup Apache Web Server to allow us to use this "ass" that we've created. Are you laughing yet? I hope so. Let's open up the Apache httpd.conf file and go to the area where we have added AddType application/x-httpd-php .php and just add a .ass behind it. It should look like this:
AddType application/x-httpd-php .php .ass
Once you have achieved entering your "ass" into the httpd.conf file, restart apache. Usually it could be "httpd restart" or "apachectl restart", it all depends on your system.
Now, once we rename all of our PHP scripts to ".ass" instead of ".php" you'll be able to call up and it will run just like it was if it were named .php.
Another thing we may want to adjust in the Apache httpd.conf file is the ServerSignature to OFF and then edit your php.ini file to include "expose_php = off". These settings together will make it more difficult for hackers to discover what versions of your web server, parsing engine and other valuable information your server can give out voluntarily.
The above steps have followed the PHP Manual's steps for "Hiding PHP" plus a few other tips I have read in the Apache Manuals.
I have another useful method that I would use called: mod_rewrite. I have a tutorial that you can follow here: Search Engine Friendly URL's With mod_rewrite This may be a more difficult way of accomplishing these tasks, but you'll have to weigh the amount of work you want to do.
Just a quick recap of what we just did:
1.) Edit httpd.conf to reflect "AddType application/x-httpd-php .php .ass"
2.) Edit httpd.conf to reflect "ServerSignature Off"
3.) Edit php.ini file to reflect "expose_php = off"
4.) Rename all .php files to .ass and then fix all hyperlinks to reflect .ass instead of .php
5.) Restart Apache Web Server and prepare to show your ass!
Good luck hiding your PHP!
这个有点老了点,,,并且实现的是将.php换成其他的,而不是实现此刻较量常见的那些 url/数字
再找找研究研究~~~