How to hide the server version?

Renaud Allard renaud at llorien.org
Mon May 12 22:11:22 MSD 2008


Hello,

Thomas Seifert wrote:
> Hi Guys,
> 
> is there any directive to hide the exact server version in the header
> and error pages?
> I don't mind showing that I'm running nginx but I don't want to give out
> the exact version it is.
> It could give attackers additional information if the update is lacking
> a version or something like that.
> 
> I know, security by obscurity isn't working well but at least it's a
> stumbling block.
> 
> 

Just put "server_tokens   off;" in your main http configuration.

Don't forget that if you are running fastcgi, you may have to put
"fastcgi_param  SERVER_SOFTWARE    nginx;" in your params instead of the
default value.
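
A check for the two settings named in the reply, as an added example that is not part of the original message: it looks for the version in the Server header and in the built-in error page footer of a response, and for `server_tokens` and `SERVER_SOFTWARE` in configuration text. The sample responses, the sample configs and the version 1.2.3 are constructed; the function names are hypothetical, and the unhardened `SERVER_SOFTWARE` value is assumed to be the stock `nginx/$nginx_version`.

```python
import re

# With server_tokens on (the default), nginx adds its version to the Server
# header and to the footer of its built-in error pages.
SERVER_HDR = re.compile(r"^Server:[ \t]*nginx/(\S+)", re.I | re.M)
ERROR_FOOTER = re.compile(r"<center>nginx/([^<\s]+)</center>", re.I)
# FastCGI applications receive the server identity in SERVER_SOFTWARE.
FCGI_PARAM = re.compile(r"\bfastcgi_param\s+SERVER_SOFTWARE\s+([^;\s]+)\s*;")


def leaks_in_response(raw: str) -> list:
    """List the places in a raw HTTP response that expose the nginx version."""
    head, _, body = raw.partition("\r\n\r\n")
    found = []
    m = SERVER_HDR.search(head)
    if m:
        found.append("Server header: nginx/" + m.group(1))
    m = ERROR_FOOTER.search(body)
    if m:
        found.append("error page footer: nginx/" + m.group(1))
    return found


def leaks_in_config(conf: str) -> list:
    """List version-disclosing settings in nginx configuration text."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (ignores '#' inside quotes)
    found = []
    if not re.search(r"\bserver_tokens\s+off\s*;", conf):
        found.append("server_tokens is not off")
    for value in FCGI_PARAM.findall(conf):
        if "$nginx_version" in value:
            found.append("SERVER_SOFTWARE passes " + value)
    return found


# Constructed samples; version 1.2.3 is a placeholder.
RESP_DEFAULT = ("HTTP/1.1 404 Not Found\r\nServer: nginx/1.2.3\r\n"
                "Content-Type: text/html\r\n\r\n"
                "<html><body><h1>404 Not Found</h1>"
                "<hr><center>nginx/1.2.3</center></body></html>")
RESP_HIDDEN = RESP_DEFAULT.replace("nginx/1.2.3", "nginx")
CONF_DEFAULT = "http {\n  fastcgi_param  SERVER_SOFTWARE  nginx/$nginx_version;\n}\n"
CONF_HIDDEN = ("http {\n  server_tokens   off;\n"
               "  fastcgi_param  SERVER_SOFTWARE    nginx;\n}\n")

if __name__ == "__main__":
    for name in ("RESP_DEFAULT", "RESP_HIDDEN"):
        print(name, leaks_in_response(globals()[name]))
    for name in ("CONF_DEFAULT", "CONF_HIDDEN"):
        print(name, leaks_in_config(globals()[name]))
```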