Nginx is a popular web server that powers many websites and applications. However, by default, nginx reveals its version number in the HTTP response headers and error pages. This can be a security risk, as it exposes information that can be used by attackers to exploit vulnerabilities in your server. In this post, we will show you how to hide the version number of nginx from the public.
There are two main methods to do this: using the server_tokens directive and using a custom error page.
Method 1: Hide the nginx Version with the server_tokens Directive
The server_tokens directive controls whether nginx displays its version number and OS name in the HTTP response headers and error pages. By default, it is set to on, which means that nginx will show both the version number and the OS name.
For example, you might see something like this in the response headers:
Server: nginx/1.18.0 (Ubuntu)
To hide the version number and the OS name, you can set the server_tokens directive to off in your nginx configuration file. For example, you can add this line to the http block in /etc/nginx/nginx.conf:
server_tokens off;
This will make nginx only display its name without any additional information. For example, you will see something like this in the response headers:
Server: nginx
For the change to take effect, restart the nginx service.
Method 2: Using a Custom Error Page
Another way to hide the version number of nginx is to use a custom error page for common HTTP errors, such as 404 or 500. By default, nginx will show its version number and OS name in the error pages. For example, you might see something like this when you request a non-existent page:
404 Not Found
nginx/1.18.0 (Ubuntu)
To replace the default error page with your own custom one, you can use the error_page directive in your nginx configuration file. For example, you can add this line to the server block:
error_page 404 /404.html;
This will make nginx serve the file /404.html instead of the default error page when a 404 error occurs. You can create your own custom error page with any content you want, such as a friendly message or a link to your homepage. You can also use variables such as $status or $request_uri to display dynamic information.
Next, restart the nginx service.
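To confirm that the changes took effect, the check below scans a response for leftover version strings in both the Server header and the error-page body. It is an added example, not part of the original post; the function name audit_response, the localhost URL in the comment and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an HTTP response for
# nginx version disclosure in the Server header and in the error-page body.

# Reads a raw response (status line, headers, blank line, body) on stdin,
# e.g. from `curl -si http://localhost/no-such-page` (URL is an assumption).
# Prints one finding per leak; returns 1 if anything leaked, 0 if clean.
audit_response() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next }  # blank line ends the headers
        {
            # Among headers only Server is inspected; body lines are all scanned.
            if (!in_body && tolower($0) !~ /^server:/) next
            where = in_body ? "body" : "header"
            if (match($0, /nginx\/[0-9][0-9.]*( \([^)]*\))?/)) {
                print where ": " substr($0, RSTART, RLENGTH)
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: 404 response with server_tokens on and the default error page.
sample_default() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><center><h1>404 Not Found</h1></center>\n'
    printf '<hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>\n'
}

# Constructed sample: server_tokens off plus a custom /404.html.
sample_hardened() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><h1>Page not found</h1></body></html>\n'
}

# Demo: run the audit over both samples.
for s in sample_default sample_hardened; do
    echo "== $s"
    if "$s" | audit_response; then echo "clean"; else echo "version leak detected"; fi
done
```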
Conclusion
In this blog post, we have shown you how to hide the version number of nginx from the public using two methods: using the server_tokens directive and using a custom error page. Hiding the version number of nginx can help improve your server security by reducing the attack surface and preventing information leakage. We hope you found this post useful and informative.