[PATCH] HTTP: stop emitting server version by default

Piotr Sikora piotr at aviatrix.com
Wed Feb 28 01:20:35 UTC 2024


# HG changeset patch
# User Piotr Sikora <piotr at aviatrix.com>
# Date 1708977611 0
#      Mon Feb 26 20:00:11 2024 +0000
# Branch patch001
# Node ID a8a592b9b62eff7bca03e8b46669f59d2da689ed
# Parent  89bff782528a91ad123b63b624f798e6fd9c8e68
HTTP: stop emitting server version by default.

This information is only useful to attackers.

The previous behavior can be restored using "server_tokens on".

Signed-off-by: Piotr Sikora <piotr at aviatrix.com>

diff -r 89bff782528a -r a8a592b9b62e src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c	Wed Feb 14 20:03:00 2024 +0400
+++ b/src/http/ngx_http_core_module.c	Mon Feb 26 20:00:11 2024 +0000
@@ -3899,7 +3899,7 @@
     ngx_conf_merge_value(conf->etag, prev->etag, 1);
 
     ngx_conf_merge_uint_value(conf->server_tokens, prev->server_tokens,
-                              NGX_HTTP_SERVER_TOKENS_ON);
+                              NGX_HTTP_SERVER_TOKENS_OFF);
 
     ngx_conf_merge_ptr_value(conf->open_file_cache,
                               prev->open_file_cache, NULL);
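
Review bot: Changing the fallback in the `ngx_conf_merge_uint_value(conf->server_tokens, prev->server_tokens, ...)` call to `NGX_HTTP_SERVER_TOKENS_OFF` alters behaviour for every configuration that does not set `server_tokens` explicitly, yet the patch touches only `src/http/ngx_http_core_module.c` and carries no documentation or changelog update. Please pair it with a change to the `server_tokens` directive documentation so the stated default matches the code, and add a release-notes entry pointing operators who rely on the version string to the "server_tokens on" setting mentioned in the commit message. A short comment at the merge call would also help, since this is the only place the default is defined and the other values of the setting are not visible here.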

