Question: how to hide header "Server"

Igor Sysoev is at rambler-co.ru
Fri Nov 3 11:08:30 MSK 2006


On Fri, 3 Nov 2006, Gentoo wrote:

> can I use it on 0.4.12?

Yes.

> On 10/30/06, Igor Sysoev <is at rambler-co.ru> wrote:
>> 
>> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
>> 
>> > 2006/10/29, Igor Sysoev <is at rambler-co.ru>:
>> >> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
>> >>
>> >> > I use nginx of GNU/Linux Ecth(testing) package.
>> >> >
>> >> > # nginx  -v
>> >> > nginx version: nginx/0.4.2
>> >> > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
>> >> >
>> >> > For security, I want to hide the http header; "Server: nginx/0.4.2
>> >> > ".
>> >> > I thouth that "proxy_pass_header Server" allows transferring "Server"
>> >> > header forbidden.
>> >> > So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server"
>> didn't
>> >> > hide.
>> >> >
>> >> >
>> >> > location / {
>> >> >    root   /var/www;
>> >> >    proxy_pass_header  Server;
>> >> > }
>> >> >
>> >> > $ telnet sample.com 80
>> >> > GET /index.html HTTP/1.0
>> >> >
>> >> > HTTP/1.1 200 OK
>> >> > Server: nginx/0.4.2              <--------------   want to hide!!
>> >> > Date: Sat, 28 Oct 2006 16:58:28 GMT
>> >> > Content-Type: text/html
>> >> > Content-Length: 151
>> >> > ....
>> >> >
>> >> > What should I do?
>> >>
>> >> "proxy_pass_header Server" passes a backend Server header only.
>> >> To disable Server header for static responses you need to patch the
>> >> sources:
>> >> currently there is no directive to disable it.
>> >>
>> >>
>> >> Igor Sysoev
>> >> http://sysoev.ru/en/
>> >>
>> >>
>> >
>> >
>> > Thank you to respond a baby question.
>> >
>> > As a future plan of development,
>> > Don't you have a plan to add such a directive?
>> 
>> No.
>> The patch to delete the header entirely  is attached.
>> 
>> 
>> Igor Sysoev
>> http://sysoev.ru/en/
>> 
>> 
>
>
> -- 
> Life is hard
>

Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list