How to hide the server version?
renaud at llorien.org
Mon May 12 22:11:22 MSD 2008
Thomas Seifert wrote:
> Hi Guys,
> is there any directive to hide the exact server version in the header
> and error pages?
> I don't mind showing that I'm running nginx but I don't want to give out
> the exact version it is.
> It could give attackers additional information if the update is lacking
> a version or something like that.
> I know, security by obscurity isn't working well but at least its a
> stumbling block.
Just put "server_tokens off;" in your main http configuration.
Don't forget that if you are running fastcgi, you may have to put
"fastcgi_param SERVER_SOFTWARE nginx;" in your params instead of the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3304 bytes
Desc: S/MIME Cryptographic Signature
More information about the nginx