There are some times when you can’t update your software and you end up running and old/vulnerable version. In this cases, it comes very handy to know how to hide nginx version from all the public. Hiding nginx version is very easy and it’s done using server_tokens directive.
Edit nginx.conf file (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf file)
The server_tokens variable can be used either in the http, server or location sections. Just set it to off, as shown below:
Then reload or restart nginx web server
service nginx restart
server_tokens is the equivalent to Apache’s ServerSignature and ServerTokens variable.
To check the server headers and if you see the version, you can fetch the headers live from any console using curl:
curl -I http://www.yoursite.com
Popular search terms:
- hiding nginx version information
- server_tokens nginx
- turn off server signature nginx