How to hide the server version?
Marcos Neves
marcos.neves at gmail.com
Sat Jul 5 00:13:31 MSD 2008
I patch those files before compile nginx.
But I want know how an attacker can found the right server/version
I´m really curiously.
On Fri, Jul 4, 2008 at 5:10 PM, Paul <paul at gtcomm.net> wrote:
> These files contain the responses with the server name/type
> src/http/ngx_http_special_response.c
> src/http/ngx_http_header_filter_module.c
>
>
>
> Marcos Neves wrote:
>
>> Can you explain me why it´s not more secure?
>>
>> On Fri, Jul 4, 2008 at 4:28 PM, Almir Karic <almir at kiberpipa.org <mailto:
>> almir at kiberpipa.org>> wrote:
>>
>> i have server_tokens off; and neither the headers nor the 404
>> error
>> page seem to contain the nginx version.
>>
>> FWIW, don't fool yourself that by not showing the version is any
>> more secure than with the
>> version displayed.
>>
>> On Fri, Jul 04, 2008 at 09:05:43PM +0200, Thomas wrote:
>> > For hiding Nginx from error pages, do I need to tweak the source
>> code
>> > or is there an option somewhere for that?
>> >
>>
>>
>>
>>
>> --
>> Marcos Neves
>> +55 44 3263-8132
>> +55 44 9918-8488
>>
>
>
>
--
Marcos Neves
+55 44 3263-8132
+55 44 9918-8488
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080704/9c0c0a23/attachment.html>
More information about the nginx
mailing list