I don't think it will do you much good. A casual hacker isn't going to get through your security and a serious hacker will get the information easily enough through HTTP fingerprinting. See http://www.net-square.com/httprint/httprint_paper.html.
That said, you can turn off the version with the directive "server_tokens off".
From http://wiki.nginx.org/NginxHttpCoreModule#server_tokens :
[quote]
server_tokens
syntax: server_tokens on|off
default: server_tokens on
context: http, server, location
Whether to send the Nginx version number in error pages and Server header. [/quote]
If you want to remove the name of the server completely you need to alter the source code prior to compiling.
Edit /path/to/nginx-0.*/src/http/ngx_http_header_filter_module.c lines 48 and 49:
[code]
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
[/code]
Put in anything you like.
If you want to edit NGINX_VER, it is defined, along with some other relevant constants, in /path/to/nginx-0.*/src/core/nginx.h, lines 11-13.
--
Jim Ohlstein