eZ publish - Disable ezinfo with .htaccess

The ezinfo module exposes the version number and other key information about an eZ publish installation.

It can be disabled through the eZ publish settings by adding these lines to override/site.ini.append.php:

Code

[SiteAccessRules]
Rules[]=access;disable
Rules[]=module;ezinfo

An additional level of protection can be achieved using a RewriteRule, like so:

Code

RewriteRule ^ezinfo.* http://domain.com/ [R,L]

In this case, requests for ezinfo are redirected to the home page; in effect, they appear to be ignored.

Other endpoints which may be used:

  • A server level 403 (access denied) or 404 (page not found) page. If this is the only page that gets these errors, people will still know it is an eZ site.
  • The ‘Error kernel (20)’ page, if it has been customized to act as a 404 page. Ending on this page without customizing it doesn’t achieve much, since people familiar with eZ will be able to identify it as an eZ system by the message text.
  • A redirect off the server, strictly to frustrate the requester.
  • A bogus page with false information, which may be helpful in identifying harvesters.