HTTP header manipulation

Nuno Magalhães nunomagalhaes at eu.ipp.pt
Sat Feb 21 03:48:50 MSK 2009


> No way.  Switching off server_tokens is the only thing you may do
> without nginx source code modification.

However "nginx" does still appear in a 403 (I'm in the process of
editing the error pages). Eventually I added "add_headers Server
weee;" to my conf, but that didn't have any effect, even with a 200
OK.

> Personally I think that even switching off server_tokens is the wrong
> way to go.  It doesn't give you extra security but instead a false
> sense of it.

It doesn't secure anything per se, but it's harder for people to
figure out which webserver is running and thus harder to find exploits
for said server.

> BTW, charset in the example above is wrong.  There is no "utf8"
> charset, it's called "utf-8".

Thanks!

> You don't trust even your own fastcgi apps?  Funny. :)

Being an internal service? Meh...

Nuno Magalhães
LU#484677
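
The behaviour discussed in this message, as an added example that is not part of the original post: a small audit that parses raw HTTP responses and reports every place the product name or version is still disclosed. The sample responses are constructed, modelled on nginx's built-in error page, and the version number is a placeholder.

```python
import re

def make_403(server, body):
    """Build a constructed raw 403 response (sample data, not a capture)."""
    return (f"HTTP/1.1 403 Forbidden\r\nServer: {server}\r\n"
            f"Content-Type: text/html\r\n\r\n{body}").encode()

# Constructed samples; 1.2.3 is a placeholder version.
DEFAULT_BODY = ("<html><body><center><h1>403 Forbidden</h1></center>"
                "<hr><center>{}</center></body></html>")
TOKENS_ON = make_403("nginx/1.2.3", DEFAULT_BODY.format("nginx/1.2.3"))
TOKENS_OFF = make_403("nginx", DEFAULT_BODY.format("nginx"))
CUSTOM_PAGE = make_403("nginx", "<html><body><h1>Access denied</h1></body></html>")

# Product name with an optional "/version" suffix.
PRODUCT = re.compile(r"nginx(?:/(\d[\w.]*))?", re.IGNORECASE)

def split_response(raw):
    """Split a raw response into (status line, headers dict, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("utf-8", "replace")

def audit(raw):
    """Return (location, product, version or None) for each disclosure."""
    _, headers, body = split_response(raw)
    findings = []
    for where, text in (("Server header", headers.get("server", "")),
                        ("response body", body)):
        match = PRODUCT.search(text)
        if match:
            findings.append((where, "nginx", match.group(1)))
    return findings

if __name__ == "__main__":
    for label, raw in (("server_tokens on", TOKENS_ON),
                       ("server_tokens off", TOKENS_OFF),
                       ("off + custom error page", CUSTOM_PAGE)):
        print(label, "->", audit(raw))
```

With tokens off the version disappears but the name remains in both the header and the built-in error body; replacing the error page removes only the body disclosure.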
