How can I disable PHP's "easter egg" URLs?
Solution 1:
in php.ini
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off
This will effectively remove the easter eggs
Solution 2:
A quick HTACCESS global rewrite could regex the exact string right out of every URL thus getting rid of the only fun part of PHP without touching the ini file nor needing a function at the beginning of every file.
Haven't tested this yet, but this should work:
RewriteEngine On
RewriteCond %{QUERY_STRING} \PHPE9568F36-D428-11d2-A769-00AA001ACF42\ [NC]
RewriteRule .* - [F]
Of course, just copy the last 2 lines for each of the other possible queries, or write a more generic regex. I'm not good with regex. :)
This version covers all of the easter egg fun and was found here:
RewriteEngine On
RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
RewriteRule .* - [F]
Solution 3:
Update: This is removed in PHP 5.5, note how these links no longer work on php.net
http://phpsadness.com/sad/11