How to hide Nginx version

Sometimes you can't update your software and end up running an old or vulnerable version. In these cases, it is handy to know how to hide the nginx version from the public. Hiding the nginx version is easy and is done with the server_tokens directive.

Edit the nginx.conf file (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf).
The server_tokens directive can be used in the http, server or location sections. Just set it to off, as shown below:

server_tokens off;

Then reload or restart the nginx web server:

service nginx restart

server_tokens is the equivalent of Apache's ServerSignature and ServerTokens directives.

To check the server headers and see whether the version is still shown, you can fetch the headers live from any console using curl:

curl -I http://www.yoursite.com
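
The check above can be scripted so it is repeatable after every config change. This is an added example, not part of the original post: the function names are hypothetical and the sample responses (including the version number) are constructed. It goes one step beyond the header check and also looks at the footer of nginx's built-in error pages, which server_tokens controls as well.

```shell
#!/bin/sh
# Added example: check whether server_tokens off took effect.
# Function names and sample responses below are constructed for illustration.

# Print the value of the first Server header found on stdin.
# Header names are case-insensitive and curl -I output ends lines with CRLF.
server_header() {
    tr -d '\r' | awk '
        !found && tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print
            found = 1
        }'
}

# Classify the Server header read from stdin.
check_server_tokens() {
    value=$(server_header)
    case "$value" in
        "")           echo "no-server-header" ;;
        nginx/[0-9]*) echo "version-exposed: $value" ;;
        nginx)        echo "version-hidden" ;;
        *)            echo "other: $value" ;;
    esac
}

# nginx also prints its version in the footer of built-in error pages;
# succeed (exit 0) if an HTML body on stdin still contains it.
error_page_shows_version() {
    grep -Eq '<center>nginx/[0-9]'
}

# Constructed sample responses: before and after server_tokens off.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}

# Offline demo; against a live site use:
#   curl -sI http://www.yoursite.com | check_server_tokens
echo "before: $(sample_before | check_server_tokens)"
echo "after:  $(sample_after | check_server_tokens)"
```

A result of "version-hidden" only means the banner is gone; the installed nginx is unchanged and still needs updating when that becomes possible.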
