How to hide the server version?

Thomas Seifert thomas-lists at mysnip.de
Mon May 12 22:27:13 MSD 2008


Hi Jay,

thanks a lot. Does exactly what I wanted.
Didn't check the headers module, nearly anything else but not the 
headers, duh!


Regards,

thomas

Jay Reitz schrieb:
> Use:
> server_tokens off;
>
> From:
> http://wiki.codemongers.com/NginxHttpHeadersModule
>
> I believe this setting was added in version 0.5.34. <http://0.5.34.>
>
> >j.
>
> On Mon, May 12, 2008 at 10:47 AM, Thomas Seifert 
> <thomas-lists at mysnip.de <mailto:thomas-lists at mysnip.de>> wrote:
>
>     Hi Guys,
>
>     is there any directive to hide the exact server version in the
>     header and error pages?
>     I don't mind showing that I'm running nginx but I don't want to
>     give out the exact version it is.
>     It could give attackers additional information if the update is
>     lacking a version or something like that.
>
>     I know, security by obscurity isn't working well but at least its
>     a stumbling block.
>
>
>     Regards,
>
>     thomas
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080512/44530636/attachment.html>


More information about the nginx mailing list