Welcome! Log In Create A New Profile

Advanced

Re: Hide HTTP headers in nginx

Francis Daly
November 13, 2020 06:18AM
On Fri, Nov 13, 2020 at 06:03:02AM +0530, Kaushal Shriyan wrote:

Hi there,

> As part of the security audit, I have set server_tokens off;
> in /etc/nginx/nginx.conf. Is there a way to hide Server: nginx,
> X-Powered-By and X-Generator?

It's generally pointless from a security perspective to hide headers;
and it is impolite to the authors to do so.

Stock nginx does not provide a configuration option to remove the Server:
header (but it does provide the source code and the freedom for you to
do what you want with it).

The other headers might be adjustable by whatever generates
them; but nginx does provide directives like fastcgi_hide_header
(http://nginx.org/r/fastcgi_hide_header) to adjust what is sent from a
fastcgi_pass response.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Hide HTTP headers in nginx

kaushalshriyan November 12, 2020 07:34PM

RE: Hide HTTP headers in nginx

Reinis Rozitis November 13, 2020 05:04AM

Re: Hide HTTP headers in nginx

Francis Daly November 13, 2020 06:18AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 84
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready