How to hide the server version?

Almir Karic almir at kiberpipa.org
Sat Jul 5 01:09:44 MSD 2008


On Fri, Jul 04, 2008 at 05:07:50PM -0300, Marcos Neves wrote:
> But what if I change my token to an apache2 version?
> How can somebody found that it?s nginx, and not apache, cherokee, lighttpd
> or any other server?

that is an ugly hack (security through obscurity) not a proper secuirty measure. no matter how hard you try to hide something a security hole (if any) is there and the attackers tend to throw everything they've got at you, a proper security measure is to monitor this list for security updates, or if it is in your power doing secuirty audit of the code.





More information about the nginx mailing list