Question: how to hide header "Server"
Igor Sysoev
is at rambler-co.ru
Sat Oct 28 21:25:07 MSD 2006
On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
> I use nginx of GNU/Linux Ecth(testing) package.
>
> # nginx -v
> nginx version: nginx/0.4.2
> built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
>
> For security, I want to hide the http header; "Server: nginx/0.4.2
> ".
> I thouth that "proxy_pass_header Server" allows transferring "Server"
> header forbidden.
> So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server" didn't
> hide.
>
>
> location / {
> root /var/www;
> proxy_pass_header Server;
> }
>
> $ telnet sample.com 80
> GET /index.html HTTP/1.0
>
> HTTP/1.1 200 OK
> Server: nginx/0.4.2 <-------------- want to hide!!
> Date: Sat, 28 Oct 2006 16:58:28 GMT
> Content-Type: text/html
> Content-Length: 151
> ....
>
> What should I do?
"proxy_pass_header Server" passes a backend Server header only.
To disable Server header for static responses you need to patch the sources:
currently there is no directive to disable it.
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list