Last updated on August 10th, 2020 at 03:05 am
By default, NGINX returns a server signature in its response headers, which contains information such as the server name and version. Malicious attackers can misuse this NGINX server string. Here’s how to hide the NGINX server version from the header. You can use the same steps to hide NGINX server information such as the NGINX server signature and server name. In fact, it is one of the key steps in NGINX hardening.
How To Hide NGINX Server Version from Header
Here are the steps to hide NGINX server version from header.
Generally, when a user requests an unavailable/broken link on an NGINX based website, then they get the following message.
As you can see, the NGINX server string contains the server name and version. Attackers can use this information to hack your website. So it is important to hide NGINX server information from the response.
Here are the steps to hide NGINX server name and version from response.
1. Open NGINX configuration file
Open terminal and run the following command to open NGINX configuration file in a text editor.
$ sudo vi /etc/nginx/nginx.conf
2. Hide NGINX Server Version & Name
The NGINX server information can be hidden using the server_tokens directive. Add the following line to the http block.
http {
    ...
    server_tokens off;
    ...
}
3. Restart NGINX
Finally, run the following command to check syntax of your updated config file.
$ sudo nginx -t
If there are no errors, run the following command to reload or restart the NGINX server.
$ sudo service nginx reload      # debian/ubuntu
$ sudo systemctl restart nginx   # redhat/centos
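To confirm the change took effect, the following added example (not part of the original article) checks response headers for a version string and scans a configuration dump for server_tokens directives that are not off. The sample headers and config are constructed and the URL in the closing comment is an assumption; note that with server_tokens off, open-source NGINX still sends "Server: nginx", only without the version.

```shell
#!/bin/sh
# Added example, not from the original article: check for version disclosure.
# Print the value of the first Server header found in HTTP headers on stdin.
server_header() {
    tr -d '\r' | sed -n 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' | head -n 1
}

# Read headers on stdin; return 1 if Server carries a version like nginx/1.18.0.
check_headers() {
    value=$(server_header)
    if printf '%s\n' "$value" | grep -Eq '/[0-9]+(\.[0-9]+)+'; then
        echo "FAIL: version disclosed in Server header: $value"
        return 1
    fi
    echo "PASS: no version in Server header (value: '${value}')"
}

# Read a config dump on stdin; print any server_tokens directive that is not
# "off" (with its line number) and return 1. A server or location block can
# re-enable what the http block turned off.
tokens_not_off() {
    hits=$(sed 's/#.*//' | grep -nE 'server_tokens[[:space:]]+[^;[:space:]]+' |
           grep -vE 'server_tokens[[:space:]]+off[[:space:]]*;' || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
}

# Constructed sample responses (before and after the change); not captured output.
BEFORE='HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html'
AFTER='HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html'
# Constructed config: http-level "off" overridden inside one server block.
CONF='http {
    server_tokens off;
    server {
        server_tokens on;  # vhost override
    }
}'
printf '%s\n' "$BEFORE" | check_headers || true
printf '%s\n' "$AFTER" | check_headers
printf '%s\n' "$CONF" | tokens_not_off || true
# Live use (URL is an assumption): curl -sI http://localhost/missing | check_headers
#                                  sudo nginx -T 2>/dev/null | tokens_not_off
```
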
That’s it! Hopefully the above tutorial will help you hide NGINX server name, version, signature in header for your website.
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.