Post by account_disabled on Feb 24, 2024 22:42:25 GMT -8
If you have a web server with Nginx or Apache installed, the system shows the installed version of the software in the headers or error pages: a vulnerability that could be exploited in the event of attacks to access the machine and related information. It is possible to hide both the Nginx and Apache version on Linux and Unix servers so that it is not in the public domain. Content index: What is Nginx and how does it work Procedure for Nginx Show the current version of Nginx using the CLI Hide the Nginx version with the server_tokens directive Verify that the Nginx version is hidden Other possible values that can be assigned to the server_tokens directive Remove the version from server headers and error pages Customize the Nginx version number Hiding version is “Security by obscurity” Procedure for Apache What is Nginx and how does it work Nginx is an open source web server that, to date, is used not only as a server but also as a reverse proxy, HTTP cache and load balancer.
Other features are FastCGI support, WebSockets and static file Chinese Student Phone Number List management, self-indexing index files. The software, created by Igor Sysoev and released in 2004, often manages to outperform competitors, especially in the case of static content or simultaneous requests. In fact, instead of creating a new process for each web request, Nginx uses an asynchronous event-based approach , managing to control multiple worker processes via a single master process. Procedure for Nginx By default, the Nginx version is shown in the response headers to an HTTP call or following an error generated by the Nginx server itself.
Show the current version of Nginx using the CLI Nginx will show the version in the error pages in the server response headers. We can check it using the following command: curl -I We obtain: HTTP/1.1 200 OK Server: nginx/1.10.3 Content-Type: text/html; charset=utf-8 Content-Length: 11460 Connection: keep-alive Vary: Accept-Language, Origin, Cookie Content-Language: en X-API-Total-Time: 0.028s Strict-Transport-Security: max-age=15768000 Here is the output from the HTTP/502 error page showing the Nginx version. How to hide Nginx and Apache version on Linux and Unix Hide the Nginx version with the server_tokens directive We need to set the server_tokens directive to off to hide the Nginx server version on Linux and Unix systems.
Other features are FastCGI support, WebSockets and static file Chinese Student Phone Number List management, self-indexing index files. The software, created by Igor Sysoev and released in 2004, often manages to outperform competitors, especially in the case of static content or simultaneous requests. In fact, instead of creating a new process for each web request, Nginx uses an asynchronous event-based approach , managing to control multiple worker processes via a single master process. Procedure for Nginx By default, the Nginx version is shown in the response headers to an HTTP call or following an error generated by the Nginx server itself.
Show the current version of Nginx using the CLI Nginx will show the version in the error pages in the server response headers. We can check it using the following command: curl -I We obtain: HTTP/1.1 200 OK Server: nginx/1.10.3 Content-Type: text/html; charset=utf-8 Content-Length: 11460 Connection: keep-alive Vary: Accept-Language, Origin, Cookie Content-Language: en X-API-Total-Time: 0.028s Strict-Transport-Security: max-age=15768000 Here is the output from the HTTP/502 error page showing the Nginx version. How to hide Nginx and Apache version on Linux and Unix Hide the Nginx version with the server_tokens directive We need to set the server_tokens directive to off to hide the Nginx server version on Linux and Unix systems.