Question: how to hide header "Server"
Toshiki NISHIHATA
nshttsk at gmail.com
Sun Oct 29 03:00:28 MSK 2006
2006/10/29, Bob Ippolito <bob at redivi.com>:
> On 10/28/06, Toshiki NISHIHATA <nshttsk at gmail.com> wrote:
> > 2006/10/29, Igor Sysoev <is at rambler-co.ru>:
> > > On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
> > >
> > > > I use nginx of GNU/Linux Ecth(testing) package.
> > > >
> > > > # nginx -v
> > > > nginx version: nginx/0.4.2
> > > > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
> > > >
> > > > For security, I want to hide the http header; "Server: nginx/0.4.2
> > > > ".
> > > > I thouth that "proxy_pass_header Server" allows transferring "Server"
> > > > header forbidden.
> > > > So, I rewrite follow at /etc/nginx/nginx.conf, but header "Server" didn't
> > > > hide.
> > > >
> > > >
> > > > location / {
> > > > root /var/www;
> > > > proxy_pass_header Server;
> > > > }
> > > >
> > > > $ telnet sample.com 80
> > > > GET /index.html HTTP/1.0
> > > >
> > > > HTTP/1.1 200 OK
> > > > Server: nginx/0.4.2 <-------------- want to hide!!
> > > > Date: Sat, 28 Oct 2006 16:58:28 GMT
> > > > Content-Type: text/html
> > > > Content-Length: 151
> > > > ....
> > > >
> > > > What should I do?
> > >
> > > "proxy_pass_header Server" passes a backend Server header only.
> > > To disable Server header for static responses you need to patch the sources:
> > > currently there is no directive to disable it.
> > >
> > >
> > > Igor Sysoev
> > > http://sysoev.ru/en/
> > >
> > >
> >
> >
> > Thank you to respond a baby question.
> >
> > As a future plan of development,
> > Don't you have a plan to add such a directive?
> >
>
> I think that's what the wiki feature requests page is for:
> http://wiki.codemongers.com/NginxFeatureRequests
>
> -bob
>
>
OKey, thank you :-)
--
Toshiki
More information about the nginx
mailing list