How to hide NGINX version in HTTP headers
- Last updated: Nov 3, 2023
- Author: Admin
In this article, we'll talk about how easy it is to hide your NGINX web server version in HTTP headers.
When a user sends a request to your site, the NGINX web server processes the request first, and in its response NGINX sends confidential information to the user in the HTTP headers, such as the NGINX version number. Displaying the NGINX version in an HTTP header is a security risk for your application. The version information could be enough for an attacker to find a vulnerability affecting that version, exploit it, and gain access to your NGINX web server.
To reduce the risk of your application being hacked, hide this information so that an attacker cannot learn the version of your web server.
By default, the NGINX web server sends the NGINX version number to the user.
As you can see, NGINX sends a header called Server, and this header contains the version number. This information must be hidden.
To hide the NGINX version number, you need to add the server_tokens parameter with the value off to the http block in the main configuration file of the NGINX web server. The main NGINX configuration file is located in /etc/nginx and is called nginx.conf.
Open the file with any text editor convenient for you.
$ sudo vim /etc/nginx/nginx.conf
Add the server_tokens parameter with the value off inside the http block.
After we have added the parameter, we now need to restart the NGINX web server using the following command:
$ sudo service nginx restart
Restart the browser and check.
As you can see, the Server header no longer contains any confidential information, such as the version number, that can help an attacker harm your site.
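The check from the last steps can also be scripted instead of done in the browser. The following is an added example, not part of the original article: the function names are hypothetical, and the sample headers, the version 1.18.0 and the configuration text are constructed. It also reports any server_tokens line that is not off, because the directive is valid in server and location blocks too and a nested value overrides the one in the http block.

```shell
#!/bin/sh
# Added example: helper names and all sample data below are constructed.

# Print the Server header value from raw response headers on stdin,
# e.g. the output of: curl -sI http://localhost/
server_header() {
    tr -d '\r' | awk -F': *' 'tolower($1) == "server" { print $2; exit }'
}

# Exit 0 when the Server header still carries a version such as nginx/1.18.0.
leaks_version() {
    server_header | grep -Eq '^nginx/[0-9]+(\.[0-9]+)+'
}

# Read a configuration dump on stdin (e.g. from: sudo nginx -T) and print,
# with line numbers, every server_tokens line whose value is not "off".
# A nested "server_tokens on;" overrides the value set in the http block.
tokens_not_off() {
    sed 's/#.*//' \
        | grep -nE '^[[:space:]]*server_tokens[[:space:]]' \
        | grep -vE 'server_tokens[[:space:]]+off[[:space:]]*;'
}

# Constructed sample responses: before and after the change.
BEFORE='HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html'
AFTER='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html'

# Constructed configuration with an override left in a server block.
CONF='http {
    server_tokens off;
    server {
        listen 80;
        server_tokens on;  # overrides the http-level setting
    }
}'

if printf '%s\n' "$BEFORE" | leaks_version; then echo "before: version exposed"; fi
if ! printf '%s\n' "$AFTER" | leaks_version; then echo "after: version hidden"; fi
printf '%s\n' "$CONF" | tokens_not_off || true
```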
Thank you all, I hope my article was of some help to you.