In this tutorial we will learn How To Hide Nginx Server Default Header on your Linux server. In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used to try to exploit any vulnerabilities in the Nginx, specially if you are running an older version with known vulnerabilities.
Hiding nginx version is very easy and it’s done using server_tokens directive. This tutorial helps you customize the name of the server on your host.
Hide Nginx Server Header
Step 1. Go to nginx/conf folder (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf file)
Step 2. Hide Nginx version.
Add following in nginx.conf under server section:
server_tokens off;
Step 3. Restart nginx web server:
service nginx restart
Let’s verify if we see the server information now:
curl -I https://wpcademy.com/ HTTP/1.1 200 OK Server: nginx Date: Sun, 03 Aug 2014 06:06:52 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Pingback: https://wpcademy.com/xmlrpc.php
Congratulation’s! You have successfully hide Nginx version. For additional help or useful information, we recommend you to check the official Nginx web site.
You Might Also Like: How To Install Nginx Web Server On CentOS