Question: how to hide header "Server"
Bob Ippolito
bob at redivi.com
Sun Oct 29 02:34:08 MSK 2006
On 10/28/06, Toshiki NISHIHATA <nshttsk at gmail.com> wrote:
> 2006/10/29, Igor Sysoev <is at rambler-co.ru>:
> > On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
> >
> > > I use nginx of GNU/Linux Ecth(testing) package.
> > >
> > > # nginx -v
> > > nginx version: nginx/0.4.2
> > > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
> > >
> > > For security, I want to hide the http header; "Server: nginx/0.4.2
> > > ".
> > > I thouth that "proxy_pass_header Server" allows transferring "Server"
> > > header forbidden.
> > > So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server" didn't
> > > hide.
> > >
> > >
> > > location / {
> > > root /var/www;
> > > proxy_pass_header Server;
> > > }
> > >
> > > $ telnet sample.com 80
> > > GET /index.html HTTP/1.0
> > >
> > > HTTP/1.1 200 OK
> > > Server: nginx/0.4.2 <-------------- want to hide!!
> > > Date: Sat, 28 Oct 2006 16:58:28 GMT
> > > Content-Type: text/html
> > > Content-Length: 151
> > > ....
> > >
> > > What should I do?
> >
> > "proxy_pass_header Server" passes a backend Server header only.
> > To disable Server header for static responses you need to patch the sources:
> > currently there is no directive to disable it.
> >
> >
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >
>
>
> Thank you to respond a baby question.
>
> As a future plan of development,
> Don't you have a plan to add such a directive?
>
I think that's what the wiki feature requests page is for:
http://wiki.codemongers.com/NginxFeatureRequests
-bob
More information about the nginx
mailing list