Question: how to hide header "Server"
Toshiki NISHIHATA
nshttsk at gmail.com
Sun Oct 29 02:21:21 MSK 2006
2006/10/29, Igor Sysoev <is at rambler-co.ru>:
> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
>
> > I use nginx of GNU/Linux Ecth(testing) package.
> >
> > # nginx -v
> > nginx version: nginx/0.4.2
> > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
> >
> > For security, I want to hide the http header; "Server: nginx/0.4.2
> > ".
> > I thouth that "proxy_pass_header Server" allows transferring "Server"
> > header forbidden.
> > So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server" didn't
> > hide.
> >
> >
> > location / {
> > root /var/www;
> > proxy_pass_header Server;
> > }
> >
> > $ telnet sample.com 80
> > GET /index.html HTTP/1.0
> >
> > HTTP/1.1 200 OK
> > Server: nginx/0.4.2 <-------------- want to hide!!
> > Date: Sat, 28 Oct 2006 16:58:28 GMT
> > Content-Type: text/html
> > Content-Length: 151
> > ....
> >
> > What should I do?
>
> "proxy_pass_header Server" passes a backend Server header only.
> To disable Server header for static responses you need to patch the sources:
> currently there is no directive to disable it.
>
>
> Igor Sysoev
> http://sysoev.ru/en/
>
>
Thank you to respond a baby question.
As a future plan of development,
Don't you have a plan to add such a directive?
--
Toshiki
More information about the nginx
mailing list