Question: how to hide header "Server"

Igor Sysoev is at rambler-co.ru
Sat Oct 28 21:25:07 MSD 2006


On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:

> I use nginx of GNU/Linux Ecth(testing) package.
>
> # nginx  -v
> nginx version: nginx/0.4.2
> built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
>
> For security, I want to hide the http header; "Server: nginx/0.4.2
> ".
> I thouth that "proxy_pass_header Server" allows transferring "Server"
> header forbidden.
> So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server" didn't 
> hide.
>
>
> location / {
>    root   /var/www;
>    proxy_pass_header  Server;
> }
>
> $ telnet sample.com 80
> GET /index.html HTTP/1.0
>
> HTTP/1.1 200 OK
> Server: nginx/0.4.2              <--------------   want to hide!!
> Date: Sat, 28 Oct 2006 16:58:28 GMT
> Content-Type: text/html
> Content-Length: 151
> ....
>
> What should I do?

"proxy_pass_header Server" passes a backend Server header only.
To disable Server header for static responses you need to patch the sources:
currently there is no directive to disable it.


Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list