How to Hide Nginx Version

nginx.conf

Sometimes due to lack of time it is difficult to update the software and you end up with running old vulnerable version. In this cases, it comes to handy to know how to hide nginx version or turn off server signature in nginx from all the public. Hiding nginx version is too easy which can be done by using server_tokens directive.

Also readWhat is Nginx : How Nginx Works

To hide nginx version we need to edit nginx.conf file ( located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf ). You can use editor like nano to modify the file. The server_tokens variable can be used either in the http, server or location sections. Just set it to off, as shown below:

Just add below directive to inside anywhere in http { … }.

server_tokens off;

See below image for reference.

nginx.conf

Once you added the code simply save it and restart nginx to make directive active.

service nginx restart

To check results, you can fetch the headers live from any console using curl command.

curl -I http://www.YourWebsite.com

Now you can see that no nginx version appearing and what you can see is just “nginx”.

Also readHow to Improve Nginx Performance : Quick Tips

This way you can hide nginx version or server signature.

Written by
AtulHost
Join the discussion

AtulHost