Welcome! Log In Create A New Profile

Re: [PATCH] HTTP: stop emitting server version by default

Forum List Message List New Topic Print View

Sergey A. Osokin

February 29, 2024 09:06AM

Hi Piotr,

thank you for the patch.

On Wed, Feb 28, 2024 at 01:20:35AM +0000, Piotr Sikora via nginx-devel wrote:

[...]

> HTTP: stop emitting server version by default.
> This information is only useful to attackers.
> The previous behavior can be restored using "server_tokens on".

[...]

I don't think this is a good idea to change the default behaviour
for the directive we have for a long-long time. It's always possible
to set `server_tokens off;' in the configuration file.

Also, this change is required a corresponding change in the
documentation on the nginx.org website.

Thank you.

--
Sergey A. Osokin
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] HTTP: stop emitting server version by default	Piotr Sikora via nginx-devel	196	February 27, 2024 08:22PM
Re: [PATCH] HTTP: stop emitting server version by default	Sergey A. Osokin	37	February 29, 2024 09:06AM
Re: [PATCH] HTTP: stop emitting server version by default	Piotr Sikora via nginx-devel	38	March 08, 2024 10:10AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 79

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018