Additional menu

Geek Flare

Learn Web Security, Cloud Computing, Middleware, Blogging and Infrastructure

Remove Version from Server Header Banner in nginx
Remove Version from Server Header Banner in nginx

Remove Version from Server Header Banner in nginx

Chandan Kumar By Chandan Kumar  |    in Nginx  |   Updated: February 19, 2018

Geek Flare Blog post is sponsored by Netsparker Web Application Security Scanner.

Share
Stumble
Share

Mask Nginx version details from the HTTP Response Header.

In default NGINX configuration, Server header banner is ON which exposes what version of Nginx you are using.

This is considered as information leakage vulnerability.

If you are working on auditing or fixing a security issue, then you will be asked to get rid of a version as part of hardening & security.

Implementation

  • Go to nginx/conf folder
  • Take a backup of configuration file
  • Add following in nginx.conf under server section
server_tokens off;
  • Restart Nginx web server

Verification

You can use online tool Header Checker or developer tools inbuilt in the browser to examine the header.

As you can see, no more version is shown.

I hope this helps and if you are looking to learn Nginx then check out this course by Ray Viljoen.

Share
Stumble
Share

Reader Interactions

Chandan Kumar
About Chandan
Chandan Kumar is the founder of Geek Flare. Learn more here and connect with him on Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Share
Tweet
Stumble
Share