By default, the Nginx version is displayed in HTTP response headers and on error pages generated by the Nginx server. Let's see how we can hide or remove the Nginx version.
First, let's see how the Nginx version is displayed, using the CLI.
With the curl command, we can see the version on error pages and in the “Server” response header field.
Sample Output
Now let's hide the Nginx version using the server_tokens directive
We need to set server_tokens to off to hide the Nginx server version. To do this, we will edit the nginx.conf file. server_tokens can be set only in the http, server, or location context.
We have added this line in the http section of the nginx.conf file.
server_tokens off;
Now we will reload Nginx without a restart; before that, we will test the conf file.
Let's verify that the Nginx version is hidden
Sample Output
In Firefox, we can confirm that the Nginx version is now hidden.
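A scripted version of the verification step above, added here as an example (not from the original article): it reads a raw HTTP response and reports any Nginx version found in the “Server” header or in the error-page signature. The function names, the sample responses and the URL in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect an nginx version exposed in an HTTP response.
# Typical use (URL is an assumption):
#   curl -s -i http://localhost/missing-page | check_nginx_version_hidden

# Print one line per place where a version number is visible.
nginx_version_leaks() {
    tr -d '\r' | awk '
        # "Server" response header, e.g. "Server: nginx/1.18.0"
        tolower($0) ~ /^server:[ \t]*nginx\/[0-9]/ {
            sub(/^[^:]*:[ \t]*/, ""); print "header: " $0; next
        }
        # Error-page signature, e.g. "<center>nginx/1.18.0</center>"
        match($0, /<center>nginx\/[0-9][^<]*<\/center>/) {
            # Drop the 8-char opening tag and the 9-char closing tag.
            print "error page: " substr($0, RSTART + 8, RLENGTH - 17)
        }
    '
}

# Return 0 when no version is visible, 1 (and list the leaks) otherwise.
check_nginx_version_hidden() {
    leaks=$(nginx_version_leaks)
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks"
        return 1
    fi
    return 0
}

# Constructed sample responses (not captured from a real server).
sample_tokens_on() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\n\r\n'
    printf '<hr><center>nginx/1.18.0</center>\n'
}
sample_tokens_off() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n'
    printf '<hr><center>nginx</center>\n'
}

sample_tokens_on | check_nginx_version_hidden || echo "version exposed"
sample_tokens_off | check_nginx_version_hidden && echo "version hidden"
```

Because the check covers both the header and the error-page body, it also catches a server or location block that turns server_tokens back on after it was disabled in the http section.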
Other values of server_tokens related to hiding the Nginx version
The syntax is as follows:
server_tokens on | off | build | string;
- on : Show version number.
- off : Turn off displaying version number.
- build : Emit a build name along with the Nginx version. You must have Nginx version 1.11.10.
- string : Only works with a commercial subscription. Starting from version 1.9.13, the signature on error pages and the “Server” response header field value can be set explicitly using a string with variables. An empty string disables the emission of the “Server” field.
It is recommended not to display the Nginx version; this is one of the methods to protect our application from hackers or any other threat. But always write good code and install a firewall and a WAF (Web Application Firewall). Version information is helpful to attackers, so it is preferable not to display the Nginx version.
© 2020, Techrunnr. All rights reserved.