How to Change (Hide) the Nginx Server Signature

How do you change the server header returned by nginx?

Like Apache, this is a quick edit to the source and recompile. From Calomel.org:

The Server: string is the header which is sent back to the client to tell them what type of http server you are running and possibly what version. This string is used by places like Alexa and Netcraft to collect statistics about how many and of what type of web server are live on the Internet. To support the author and statistics for Nginx we recommend keeping this string as is. But, for security you may not want people to know what you are running and you can change this in the source code. Edit the source file src/http/ngx_http_header_filter_module.c and look at lines 48 and 49. You can change the String to anything you want.

## vi src/http/ngx_http_header_filter_module.c (lines 48 and 49)
static char ngx_http_server_string[] = "Server: MyDomain.com" CRLF;
static char ngx_http_server_full_string[] = "Server: MyDomain.com" CRLF;

March 2011 edit: Props to Flavius below for pointing out a new option, replacing Nginx's standard HttpHeadersModule with the forked HttpHeadersMoreModule. Recompiling the standard module is still the quick fix, and makes sense if you want to use the standard module and won't be changing the server string often. But if you want more than that, the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers.

nginx: Remove Server response header - not honour what said in doco


Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.

Source: http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens

It requires a commercial subscription.

Otherwise, install ngx_headers_more module.

Then add the following to your nginx conf and restart nginx. This will remove the "server" header:

more_clear_headers  "Server";
more_clear_headers "server";

Installation: https://github.com/openresty/headers-more-nginx-module#installation
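To confirm that either change took effect, the response can be audited after the restart. The sketch below is an added example, not code from either answer or from the nginx project: it parses a raw HTTP response, matches the Server field case-insensitively, and also checks the signature line that nginx's built-in error pages carry in the body, which the docs quoted above treat as a separate item from the header. The sample responses, the version number in them and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample responses, not captured from a real server.
BODY = (b"<html><body><center><h1>404 Not Found</h1></center>"
        b"<hr><center>%s</center></body></html>")
STOCK = (b"HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\n\r\n"
         + BODY % b"nginx/1.18.0")
HEADER_CLEARED = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
                  + BODY % b"nginx/1.18.0")
CUSTOM = (b"HTTP/1.1 404 Not Found\r\nserver: MyDomain.com\r\n\r\n"
          + BODY % b"nginx")

# Signature line at the bottom of nginx's built-in error pages.
SIGNATURE = re.compile(rb"<hr><center>([^<]+)</center>", re.I)
# A product token followed by a version, e.g. "/1.18.0".
VERSION = re.compile(r"/\d+(\.\d+)+")


def audit(raw: bytes) -> dict:
    """Report what a raw HTTP response discloses about the server."""
    head, _, body = raw.partition(b"\r\n\r\n")
    header_lines = head.decode("iso-8859-1").split("\r\n")[1:]  # skip status line
    servers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        # Field names are case-insensitive: "Server" and "server" are one field.
        if name.strip().lower() == "server":
            servers.append(value.strip())
    match = SIGNATURE.search(body)
    page_sig = match.group(1).decode("iso-8859-1").strip() if match else None
    disclosed = servers + ([page_sig] if page_sig else [])
    return {
        "server_header": servers,
        "error_page_signature": page_sig,
        "version_exposed": any(VERSION.search(s) for s in disclosed),
    }


if __name__ == "__main__":
    for label, raw in (("stock", STOCK), ("header cleared", HEADER_CLEARED),
                       ("custom string", CUSTOM)):
        print(label, audit(raw))
```

Run it against a saved response for an error status (for example a 404) as well as a normal page, since the signature line only appears on the built-in error pages.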


