Sometimes due to lack of time it is difficult to update the software and you end up with running old vulnerable version. In this cases, it comes to handy to know how to hide nginx version or turn off server signature in nginx from all the public. Hiding nginx version is too easy which can be done by using server_tokens directive.
Also read: What is Nginx : How Nginx Works
To hide nginx version we need to edit nginx.conf file ( located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf ). You can use editor like nano to modify the file. The server_tokens variable can be used either in the http, server or location sections. Just set it to off, as shown below:
Just add below directive to inside anywhere in http { … }.
server_tokens off;
See below image for reference.
Once you added the code simply save it and restart nginx to make directive active.
service nginx restart
To check results, you can fetch the headers live from any console using curl command.
curl -I http://www.YourWebsite.com
Now you can see that no nginx version appearing and what you can see is just “nginx”.
Also read: How to Improve Nginx Performance : Quick Tips
This way you can hide nginx version or server signature.
Leave a Reply