3

I have a website written in Laravel 5.8 and when I search my website info on wappalyzer.com website, I can see all the entire information of my website there.

And this is not good due to OWASP security test. So I'm looking for a way to hide the information of my website on wappalyzer.com .

So here is the official suggestion for Laravel based websites:

Hide Laravel from Wappalyzer

The Laravel PHP framework can also be identified by inspecting a websites' cookies. It's possible to change the default cookie name to prevent this.

laravel.com/docs/session

But I don't get what it means by changing default cookie names!

So if you know, please help me out with this and I would really appreciate that...

demovow182
  • 87
  • 5
  • I'm curious what aspect of the OWASP security test makes the fact that wappalyzer.com knows you use Laravel not good – apokryfos Feb 19 '22 at 07:26

2 Answers2

2

Laravel uses the env's APP_NAME in the cookie name. By default the APP_NAME is "Laravel" so your cookie name will be "laravel_session". You can go ahead and change your app name in your .env file. You can also change the session part if you edit your config/session.php file or by adding SESSION_COOKIE to your env.

George Tudor
  • 136
  • 2
  • 4
2

in the config/session.php

The cookie created here:

'cookie' => env( 'SESSION_COOKIE', Str::slug(env('APP_NAME', 'laravel'), '_').'_session' ),

So, you just need to change the APP_NAME in .env

And dont forget the php artisan optimize to clear the cache

Milad
  • 95
  • 2
  • 8