I have a website written in Laravel 5.8, and when I look up my website on wappalyzer.com, I can see all of my website's information there.
And this is not good because of the OWASP security test. So I'm looking for a way to hide my website's information from wappalyzer.com.
So here is the official suggestion for Laravel based websites:
Hide Laravel from Wappalyzer
The Laravel PHP framework can also be identified by inspecting a website's cookies. It's possible to change the default cookie name to prevent this.
But I don't get what it means by changing default cookie names!
So if you know, please help me out with this and I would really appreciate that...
CodePudding user response:
Laravel uses the env's APP_NAME in the cookie name. By default the APP_NAME is "Laravel", so your cookie name will be "laravel_session". You can go ahead and change your app name in your .env file. You can also change the session part if you edit your config/session.php file or by adding SESSION_COOKIE to your env.
CodePudding user response:
In config/session.php, the cookie is created here:
'cookie' => env( 'SESSION_COOKIE', Str::slug(env('APP_NAME', 'laravel'), '_').'_session' ),
So, you just need to change the APP_NAME in .env. And don't forget the php artisan optimize to clear the cache.
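How the cookie name in that config line is derived, and a check for it in response headers, as an added example that is not part of either answer or of Laravel itself. The `slug` helper is a simplified ASCII-only stand-in for `Str::slug`, and the `.env` contents and response headers are constructed samples.

```python
import re

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("\"'")
    return env

def slug(value, sep="_"):
    """Simplified, ASCII-only stand-in for Laravel's Str::slug (assumption)."""
    value = value.lower().replace("-", sep)
    value = re.sub(r"[^a-z0-9\s" + re.escape(sep) + "]", "", value)
    return re.sub(r"[\s" + re.escape(sep) + "]+", sep, value).strip(sep)

def session_cookie_name(env_text):
    """Mirror the config/session.php line: SESSION_COOKIE wins, else APP_NAME."""
    env = parse_env(env_text)
    if "SESSION_COOKIE" in env:
        return env["SESSION_COOKIE"]
    return slug(env.get("APP_NAME", "laravel")) + "_session"

def cookie_names(raw_headers):
    """Names of all cookies set in a raw HTTP response header block."""
    names = []
    for line in raw_headers.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            names.append(value.split("=", 1)[0].strip())
    return names

# Constructed sample inputs (not taken from a real site)
DEFAULT_ENV = "APP_NAME=Laravel\nAPP_ENV=production\n"
RENAMED_ENV = 'APP_NAME="My Shop"\n'
OVERRIDE_ENV = "APP_NAME=Laravel\nSESSION_COOKIE=sid\n"
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: XSRF-TOKEN=abc; path=/\r\n"
    "Set-Cookie: laravel_session=def; path=/; httponly\r\n"
)

if __name__ == "__main__":
    for env_text in (DEFAULT_ENV, RENAMED_ENV, OVERRIDE_ENV):
        print(session_cookie_name(env_text))
    print([n for n in cookie_names(SAMPLE_HEADERS) if "laravel" in n.lower()])
```

To check a deployed site, feed `cookie_names` the output of `curl -sI` against your own URL after clearing the config cache.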