How to hide NGINX version in HTTP headers

  • Last updated: Nov 3, 2023
  • Author: Admin

Hello colleagues.

In this article, we'll talk about how easy it is to hide your NGINX web server version in HTTP headers.

When a user sends a request to your site, the NGINX web server processes it first, and in its response NGINX sends sensitive information to the user in the HTTP headers, such as the NGINX version number. Displaying the NGINX version in the HTTP headers is a security risk for your application. The version number alone could be enough for an attacker to find a vulnerability that affects that version, exploit it, and gain access to your NGINX web server.

To reduce the risk of your application being hacked, hide this information so that an attacker cannot learn which version of the web server you are running.

 

By default, the NGINX web server sends the NGINX version number to the user.

[Image: nginx hide version]

As you can see, NGINX sends a header called Server, and this header contains the version number. This information must be hidden.


 

To hide the NGINX version number, add the server_tokens directive with the value off to the http block in the main configuration file of the NGINX web server. The main NGINX configuration file is located in /etc/nginx and is called nginx.conf.

Open the file with any text editor convenient for you.

$ sudo vim /etc/nginx/nginx.conf

 

Add the server_tokens directive.

http {
    server_tokens off;
}

[Image: nginx hide version]

After adding the directive, restart the NGINX web server with the following command:

$ sudo service nginx restart


 

Restart the browser and check.

[Image: nginx hide version]

As you can see, the Server header no longer contains any confidential information, such as the version number, that could help an attacker harm your site.
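The same check from the command line, as an added example that is not part of the original article. It goes one step beyond the Server header and also looks for the version token elsewhere in the response, because server_tokens controls the footer of NGINX's default error pages as well. The function name nginx_version_leaks and both sample responses (including the version 1.18.0) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where an HTTP response discloses the NGINX version.

# Read a raw response (status line, headers, optional body) on stdin and print
# every place a version token appears. Returns 1 if any was found, else 0.
nginx_version_leaks() {
    # HTTP lines end in CRLF; drop the CR so the patterns anchor cleanly.
    tr -d '\r' | awk '
        # The first empty line separates the headers from the body.
        /^$/ { body = 1; next }
        # Header names are case-insensitive, so compare in lower case.
        !body && tolower($0) ~ /^server:[ \t]*nginx\/[0-9]/ {
            sub(/^[^:]*:[ \t]*/, ""); print "header: " $0; found = 1; next
        }
        # Default error pages print the same token in their footer.
        match($0, /nginx\/[0-9]+(\.[0-9]+)*/) {
            print "elsewhere: " substr($0, RSTART, RLENGTH); found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE='HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Content-Type: text/html

<hr><center>nginx/1.18.0</center>'

SAMPLE_AFTER='HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html

<hr><center>nginx</center>'

# Live check against your own server (curl -i prints headers and body):
#   curl -si http://localhost/no-such-page | nginx_version_leaks
printf '%s\n' "$SAMPLE_BEFORE" | nginx_version_leaks || echo "before: version disclosed"
printf '%s\n' "$SAMPLE_AFTER" | nginx_version_leaks && echo "after: no version found"
```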


 

Thank you all, I hope my article was of some help to you.
