{"id":1574,"date":"2013-08-04T18:30:44","date_gmt":"2013-08-05T01:30:44","guid":{"rendered":"http:\/\/www.virendrachandak.com\/techtalk\/\/?p=1574"},"modified":"2023-06-07T11:35:15","modified_gmt":"2023-06-07T18:35:15","slug":"how-to-hide-nginx-version-number-in-headers-and-errors-pages","status":"publish","type":"post","link":"https:\/\/www.virendrachandak.com\/techtalk\/how-to-hide-nginx-version-number-in-headers-and-errors-pages\/","title":{"rendered":"How to hide Nginx version number in headers and errors pages"},"content":{"rendered":"

In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header \u201cServer\u201d displays the version number of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Nginx, specially if you are running an older version with known vulnerabilities.<\/p>\n

Sample HTTP Response Header:<\/p>\n

\r\nHTTP\/1.1 200 OK\r\nServer: nginx\/1.2.6 (Ubuntu)\r\nDate: Wed, 31 Jul 2013 19:47:33 GMT\r\n<\/pre>\n
<\/p>\n
Note<\/strong>: This is just one way to identify the details. Also, even if this information is not available hackers might still try to hack it using other ways.<\/div>\n
There is an easy way to hide the Nginx version number from the HTTP headers. By setting the “server_tokens<\/strong>” variables in your nginx.conf file the server information would not longer be added to the HTTP headers. Use the following lines in you nginx.conf file. Make sure to back up you file before editing so that in case something goes wrong you can easily revert. After making the changes restart your nginx (Note<\/strong>: Doing so will take your site down, if it runs only on 1 server).<\/p>\n
\r\nserver_tokens off;\r\n<\/pre>\n
After using the above directives the HTTP headers will look similar to this:<\/div>\n
\r\nHTTP\/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 31 Jul 2013 19:49:15 GMT\r\n<\/pre>\n
\n
\nNote<\/strong><\/span>: Make these changes in your server only if you are sure you know you can do them. If you make a mistake in the nginx.conf file, your site won’t work. So be very careful when making these changes. Also, it is always good to take a backup of the existing file before making any changes, in case you want to revert.\n<\/div>\n
\nRelated Link<\/strong>:<\/p>\n