Menu

How to Hide Nginx Version from HTTP Header

Written by , Updated on January 29, 2017
Security

When you configure your production and development infrastructure. The primary concern should be security. You may face serious consequences in the future. You must apply to security in many directions. In that, If you are running your application with NGINX web server, you should apply this security tip on your server.

Check Unsecure HTTP Header

Check the http header of your server, You will see the version of NGINX server running. Hackers can use this information for hacking.

$ curl -I http://example.com

You can see that your server is running with NGINX 1.10.0 server.

HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes

Hide Apache2 Version
Edit your NGIX configuration file and set the server_tokens variable value to off, either in the http, server or location sections as following.
 server_tokens off;

Check Unsecure HTTP Header
After makeing above changes, re-check the http header values using following command.
$ curl -I http://example.com

Now you can see that header is only showing that Apache is runnign, but no version or OS details available there.

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes
Rahul
Rahul
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

Leave a Reply

Copyright © 2013-2019 TecAdmin.net. All Rights Reserved. This site uses cookies. By using this website you agree with our term and services