How to hide the server version?
almir at kiberpipa.org
Sat Jul 5 01:09:44 MSD 2008
On Fri, Jul 04, 2008 at 05:07:50PM -0300, Marcos Neves wrote:
> But what if I change my token to an apache2 version?
> How can somebody found that it?s nginx, and not apache, cherokee, lighttpd
> or any other server?
that is an ugly hack (security through obscurity) not a proper secuirty measure. no matter how hard you try to hide something a security hole (if any) is there and the attackers tend to throw everything they've got at you, a proper security measure is to monitor this list for security updates, or if it is in your power doing secuirty audit of the code.
More information about the nginx