Hide PHP version header in Apache images (#190)

* Set expose_php to off to hide PHP version * Added test to verify PHP version is not exposed
ckulka · May 4, 2024 · f3adbc8 · f3adbc8
1 parent dd8be89
commit f3adbc8
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 4 deletions.
diff --git a/apache-php8.2.dockerfile b/apache-php8.2.dockerfile
@@ -21,6 +21,7 @@ RUN apt-get update            &&\
 # Configure Apache + HTTPS
 COPY files/apache.conf /etc/apache2/sites-enabled/000-default.conf
 RUN a2enmod rewrite ssl && openssl req -x509 -newkey rsa:2048 -subj "/C=  " -keyout /etc/ssl/private/baikal.private.pem -out /etc/ssl/private/baikal.public.pem -days 3650 -nodes
+RUN sed 's/expose_php = On/expose_php = Off/g' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
 
 # Expose HTTPS & data directory
 EXPOSE 443

diff --git a/apache.dockerfile b/apache.dockerfile
@@ -21,6 +21,7 @@ RUN apt-get update            &&\
 # Configure Apache + HTTPS
 COPY files/apache.conf /etc/apache2/sites-enabled/000-default.conf
 RUN a2enmod rewrite ssl && openssl req -x509 -newkey rsa:2048 -subj "/C=  " -keyout /etc/ssl/private/baikal.private.pem -out /etc/ssl/private/baikal.public.pem -days 3650 -nodes
+RUN sed 's/expose_php = On/expose_php = Off/g' /usr/local/etc/php/php.ini-production > /usr/local/etc/php/php.ini
 
 # Expose HTTPS & data directory
 EXPOSE 443

diff --git a/cypress.config.ts b/cypress.config.ts
@@ -6,12 +6,10 @@ let config = {
     screenshotsFolder: "cypress/screenshots",
     excludeSpecPattern: "",
   },
-  reporterOptions: {
-    mochaFile: "results/my-test-output.txt",
-    toConsole: true,
-  },
 };
 
+// If MSMTP is enabled, we will use a different screenshots folder,
+// otherwise exclude the MSMTP tests.
 if (process.env.CYPRESS_MSMTP_ENABLED ?? false) {
   config.e2e.screenshotsFolder = "cypress/screenshots/msmtp";
 } else {

diff --git a/cypress/e2e/expose-php.cy.ts b/cypress/e2e/expose-php.cy.ts
@@ -0,0 +1,10 @@
+// Test to check if PHP version is hidden in the response headers
+// See https://github.com/ckulka/baikal-docker/issues/111
+describe("Hidden PHP version header (#111)", () => {
+  it("Should not expose PHP version", () => {
+    cy.request("localhost").should((response) => {
+      expect(response.headers["x-powered-by"], "HTTP header 'x-powered-by'").to
+        .be.undefined;
+    });
+  });
+});