[PATCH] HTTP: stop emitting server version by default
Sergey A. Osokin
osa at freebsd.org.ru
Thu Feb 29 14:03:50 UTC 2024
Hi Piotr,
thank you for the patch.
On Wed, Feb 28, 2024 at 01:20:35AM +0000, Piotr Sikora via nginx-devel wrote:
[...]
> HTTP: stop emitting server version by default.
> This information is only useful to attackers.
> The previous behavior can be restored using "server_tokens on".
[...]
I don't think this is a good idea to change the default behaviour
for the directive we have for a long-long time. It's always possible
to set `server_tokens off;' in the configuration file.
Also, this change is required a corresponding change in the
documentation on the nginx.org website.
Thank you.
--
Sergey A. Osokin
More information about the nginx-devel
mailing list