When you configure production and development infrastructure, security should be the primary concern; neglecting it can have serious consequences later. Security has to be applied in many areas. If you run your application with the NGINX web server, apply this security tip on your server.
Check Insecure HTTP Header
Check the HTTP headers of your server. You will see the version of the NGINX server that is running. Attackers can use this information to plan an attack.

$ curl -I http://example.com

You can see that your server is running NGINX 1.10.0.

HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes

Hide NGINX Version
Edit your NGINX configuration file and set the server_tokens directive to off in the http, server or location section, as follows.

server_tokens off;

Check Insecure HTTP Header
After making the above changes, re-check the HTTP header values using the following command.

$ curl -I http://example.com

Now you can see that the header only shows that NGINX is running, with no version or OS details.

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes
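
Because server_tokens can be set in the http, server or location section, and NGINX inherits the value from the enclosing block with a default of on, a single inner override can bring the version string back. The following is an added example, not part of the original article, that audits a configuration for blocks where the effective value is not off. The names parse and audit and the sample configuration are illustrative; it assumes includes are already expanded (for instance the output of nginx -T) and that no '#' appears inside quoted values.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')
AUDITED = ("http", "server", "location")  # contexts that accept server_tokens

# Constructed sample: off at http level, re-enabled in one location.
SAMPLE = """
http {
    server { location / { root /var/www/html; } }
    server { location /status { server_tokens on; } }  # overrides http
    server_tokens off;  # position inside the block does not matter
}
"""

def parse(conf_text):
    """Build a tree of blocks, recording server_tokens set directly in each."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # assumption: no '#' in quotes
    root = {"name": "main", "own": None, "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":  # words collected so far are the block header
            node = {"name": " ".join(words), "own": None, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            if len(stack) > 1:
                stack.pop()
        elif len(words) == 2 and words[0] == "server_tokens":
            stack[-1]["own"] = words[1]
        words = []
    return root

def audit(conf_text):
    """Return (block path, effective value) for every http/server/location
    block whose effective server_tokens value is not 'off'."""
    findings = []
    def walk(node, inherited, path):
        value = node["own"] or inherited  # inner setting wins, else inherit
        here = path + [node["name"]]
        if node["name"].split(" ")[0] in AUDITED and value != "off":
            findings.append((" > ".join(here[1:]), value))
        for child in node["children"]:
            walk(child, value, here)
    walk(parse(conf_text), "on", [])  # NGINX default is on
    return findings
```

Calling audit(SAMPLE) reports only the location that turns the directive back on; a configuration that never sets server_tokens reports every audited block.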