Hide Nginx Server Info

Hiding version of nginx server on the website

While deploying APIs on nginx server, we should be aware about future possible vulnerable cases. So better to prevent such possible vulnerability and threats on time.

There are several cves published regularly. In case, attacker know our server info, he/she can test or exploit to our server. So, better to hide them to prevent such cases.

Steps:

Create the custom server name:

sudo apt-get install nginx-extras

cd /etc/nginx/sites-available

more_set_headers 'Server: hicare'; # To Set a custom string as "Server"

Now time to update nginx.conf too:

       #add this on http section
       server_tokens off;
        more_clear_headers Server;

As the below format

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        server_tokens off;
        more_clear_headers Server;      

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

}

Now, test and reload nginx server:

sudo nginx -t
sudo nginx -s reload
sudo systemctl restart nginx

PreviousInstall the CodeDeploy agent for Ubuntu Server NextAttach trivy report on email (jenkins pipeline)

Last updated 8 months ago