Question: how to hide header "Server"
Gentoo
debiansid at gmail.com
Fri Nov 3 04:38:30 MSK 2006
can I use it on 0.4.12?
On 10/30/06, Igor Sysoev <is at rambler-co.ru> wrote:
>
> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
>
> > 2006/10/29, Igor Sysoev <is at rambler-co.ru>:
> >> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
> >>
> >> > I use nginx of GNU/Linux Ecth(testing) package.
> >> >
> >> > # nginx -v
> >> > nginx version: nginx/0.4.2
> >> > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
> >> >
> >> > For security, I want to hide the http header; "Server: nginx/0.4.2
> >> > ".
> >> > I thouth that "proxy_pass_header Server" allows transferring "Server"
> >> > header forbidden.
> >> > So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server"
> didn't
> >> > hide.
> >> >
> >> >
> >> > location / {
> >> > root /var/www;
> >> > proxy_pass_header Server;
> >> > }
> >> >
> >> > $ telnet sample.com 80
> >> > GET /index.html HTTP/1.0
> >> >
> >> > HTTP/1.1 200 OK
> >> > Server: nginx/0.4.2 <-------------- want to hide!!
> >> > Date: Sat, 28 Oct 2006 16:58:28 GMT
> >> > Content-Type: text/html
> >> > Content-Length: 151
> >> > ....
> >> >
> >> > What should I do?
> >>
> >> "proxy_pass_header Server" passes a backend Server header only.
> >> To disable Server header for static responses you need to patch the
> >> sources:
> >> currently there is no directive to disable it.
> >>
> >>
> >> Igor Sysoev
> >> http://sysoev.ru/en/
> >>
> >>
> >
> >
> > Thank you to respond a baby question.
> >
> > As a future plan of development,
> > Don't you have a plan to add such a directive?
>
> No.
> The patch to delete the header entirely is attached.
>
>
> Igor Sysoev
> http://sysoev.ru/en/
>
>
--
Life is hard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20061103/870cc8b0/attachment.html>
More information about the nginx
mailing list