Question: how to hide header "Server"

Igor Sysoev is at rambler-co.ru
Mon Oct 30 12:45:54 MSK 2006


On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:

> 2006/10/29, Igor Sysoev <is at rambler-co.ru>:
>> On Sun, 29 Oct 2006, Toshiki NISHIHATA wrote:
>> 
>> > I use the nginx package from GNU/Linux Etch (testing).
>> >
>> > # nginx  -v
>> > nginx version: nginx/0.4.2
>> > built by gcc 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)
>> >
>> > For security, I want to hide the http header; "Server: nginx/0.4.2".
>> > I thought that "proxy_pass_header Server" allows transferring "Server"
>> > header forbidden.
>> > So I rewrote /etc/nginx/nginx.conf as follows, but the "Server" header
>> > was not hidden.
>> >
>> >
>> > location / {
>> >    root   /var/www;
>> >    proxy_pass_header  Server;
>> > }
>> >
>> > $ telnet sample.com 80
>> > GET /index.html HTTP/1.0
>> >
>> > HTTP/1.1 200 OK
>> > Server: nginx/0.4.2              <--------------   want to hide!!
>> > Date: Sat, 28 Oct 2006 16:58:28 GMT
>> > Content-Type: text/html
>> > Content-Length: 151
>> > ....
>> >
>> > What should I do?
>> 
>> "proxy_pass_header Server" passes a backend Server header only.
>> To disable Server header for static responses you need to patch the
>> sources: currently there is no directive to disable it.
>> 
>> 
>> Igor Sysoev
>> http://sysoev.ru/en/
>> 
>> 
>
>
> Thank you for responding to a baby question.
>
> As a future plan of development,
> don't you have a plan to add such a directive?

No.
The patch to delete the header entirely is attached.


Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/http/ngx_http_header_filter_module.c
===================================================================
--- src/http/ngx_http_header_filter_module.c	(revision 147)
+++ src/http/ngx_http_header_filter_module.c	(working copy)
@@ -45,9 +45,6 @@
 };
 
 
-static char ngx_http_server_string[] = "Server: " NGINX_VER CRLF;
-
-
 static ngx_str_t ngx_http_status_lines[] = {
 
     ngx_string("200 OK"),
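Review bot: deleting the `ngx_http_server_string` definition outright in the hunk at -45 makes the change all-or-nothing at build time, with no way to get the header back short of reverting the patch. If this is going to be carried as a local patch across upgrades, keep the definition and put it and its two uses further down under one preprocessor guard (a macro name of your choosing), so the behaviour is selected by a single build switch and the diff against upstream stays easy to re-apply.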
@@ -237,10 +234,6 @@
         len += ngx_http_status_lines[status].len;
     }
 
-    if (r->headers_out.server == NULL) {
-        len += sizeof(ngx_http_server_string) - 1;
-    }
-
     if (r->headers_out.date == NULL) {
         len += sizeof("Date: Mon, 28 Sep 1970 06:00:00 GMT" CRLF) - 1;
     }
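Review bot: the `len += sizeof(ngx_http_server_string) - 1;` accounting removed in the hunk at -237 has to stay in step with the `ngx_cpymem` copy removed in the hunk at -364, because `len` is the size the header buffer is allocated with and the later copies write into that buffer. Both are removed here, so the sizing is consistent, but nothing in the code says so. Add a short comment at this spot noting that no default Server line is counted, so that anyone who restores the copy also restores the length, rather than writing past the computed size.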
@@ -364,11 +357,6 @@
     }
     *b->last++ = CR; *b->last++ = LF;
 
-    if (r->headers_out.server == NULL) {
-        b->last = ngx_cpymem(b->last, ngx_http_server_string,
-                             sizeof(ngx_http_server_string) - 1);
-    }
-
     if (r->headers_out.date == NULL) {
         b->last = ngx_cpymem(b->last, "Date: ", sizeof("Date: ") - 1);
         b->last = ngx_cpymem(b->last, ngx_cached_http_time.data,
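Review bot: only the branch guarded by `r->headers_out.server == NULL` is removed in the hunk at -364, so the patch drops the default `Server: nginx/...` line but does nothing for the case where `r->headers_out.server` is set. As the reply above says, `proxy_pass_header Server` passes a backend Server header, and that path is untouched here. The description "delete the header entirely" should be narrowed to locally generated responses, or should note that `proxy_pass_header Server` must stay out of the configuration for the header to be absent on proxied responses as well.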

