On a default installation of the Nginx web server, error pages show the version of Nginx running on your server. Disclosing the software version is bad for security, and visitors don’t need to know which version of Nginx you are using. An attacker who knows the version can check whether that particular version is vulnerable to a known exploit and, if one is available, use it to compromise the server.
To hide the Nginx version, edit the Nginx configuration file
vi /etc/nginx/nginx.conf
Under the “http” section, add
server_tokens off;
Restart Nginx
systemctl restart nginx
After restart, the error page won’t show the Nginx version.
Before
boby@sok-01:~$ curl -I http://serverok.test/
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 14 Nov 2021 06:11:24 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
boby@sok-01:~$
After
boby@sok-01:~$ curl -I http://serverok.test/
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 14 Nov 2021 06:20:54 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
boby@sok-01:~$
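To repeat the before/after check without reading headers by eye, the shell function below (an added example, not part of the original post) scans a raw HTTP response for an Nginx version in the Server header and in the error page body. The function name and the two sample responses are constructed for illustration; the sample headers follow the output above and the bodies are shortened stand-ins for the stock error page footer.

```shell
#!/bin/sh
# Added example: report Nginx version disclosure in an HTTP response.
# Reads a raw response (status line, headers, blank line, body) on stdin
# and prints each place where a version token such as nginx/1.18.0 appears.
# Exit status: 0 = version disclosed, 1 = not disclosed.
nginx_version_leak() {
    tr -d '\r' | awk '
        BEGIN { in_body = 0; leak = 0 }
        # A blank line ends the header block.
        !in_body && $0 == "" { in_body = 1; next }
        # Header names are case-insensitive, so compare in lower case.
        !in_body && tolower($0) ~ /^server:/ {
            if (match($0, /nginx\/[0-9][0-9.]*/)) {
                print "header: " substr($0, RSTART, RLENGTH); leak = 1
            }
            next
        }
        # The stock error page repeats the server token in its footer.
        in_body && match($0, /nginx\/[0-9][0-9.]*/) {
            print "body: " substr($0, RSTART, RLENGTH); leak = 1
        }
        END { if (leak) exit 0; exit 1 }
    '
}

# Constructed sample: response before server_tokens off (body shortened).
sample_before() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<hr><center>nginx/1.18.0 (Ubuntu)</center>\n'
}

# Constructed sample: response after server_tokens off (body shortened).
sample_after() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<hr><center>nginx</center>\n'
}

sample_before | nginx_version_leak && echo "before: version disclosed"
sample_after | nginx_version_leak || echo "after: no version disclosed"

# Against a live server (headers and body in one stream):
#   curl -si http://serverok.test/ | nginx_version_leak
```

The exit status makes the function usable in a monitoring or CI check that fails when a server starts disclosing its version again.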