How to hide the server version?
Thomas Seifert
thomas-lists at mysnip.de
Mon May 12 22:27:13 MSD 2008
Hi Jay,
thanks a lot. Does exactly what I wanted.
Didn't check the headers module, nearly anything else but not the
headers, duh!
Regards,
thomas
Jay Reitz schrieb:
> Use:
> server_tokens off;
>
> From:
> http://wiki.codemongers.com/NginxHttpHeadersModule
>
> I believe this setting was added in version 0.5.34. <http://0.5.34.>
>
> >j.
>
> On Mon, May 12, 2008 at 10:47 AM, Thomas Seifert
> <thomas-lists at mysnip.de <mailto:thomas-lists at mysnip.de>> wrote:
>
> Hi Guys,
>
> is there any directive to hide the exact server version in the
> header and error pages?
> I don't mind showing that I'm running nginx but I don't want to
> give out the exact version it is.
> It could give attackers additional information if the update is
> lacking a version or something like that.
>
> I know, security by obscurity isn't working well but at least its
> a stumbling block.
>
>
> Regards,
>
> thomas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080512/44530636/attachment.html>
More information about the nginx
mailing list