Hide Server Header in Nginx
📝 Overview
To enhance security and reduce the information exposed to potential attackers, it is advisable to hide or alter the server header in Nginx. This guide will walk you through the steps required to achieve this using the ngx_http_headers_more_filter_module module.
📦 Prerequisites
- An Ubuntu-based system
- Nginx installed
🚀 Steps to Hide Server Header
1. Update Package List
First, update your package list to ensure you have the latest repositories.
sudo apt-get update -y2. Install Nginx Extras
Install nginx-extras to get access to the ngx_http_headers_more_filter_module module.
sudo apt-get install nginx-extras -y3. Load the Module
Edit the Nginx configuration file to load the ngx_http_headers_more_filter_module module.
sudo nano /etc/nginx/nginx.confAdd the following line at the beginning of the file:
load_module modules/ngx_http_headers_more_filter_module.so;4. Modify the Server Header
To disable the default server tokens and set a custom server header, add the following lines within the http section of the nginx.conf file:
http {
server_tokens off; # Turn off server tokens
more_set_headers 'Server: Apache'; # Set a custom server header
# ... other configurations ...
}5. Restart Nginx
After making these changes, restart Nginx to apply the new configuration.
sudo service nginx restart🛠️ Example Configuration
Here is how your /etc/nginx/nginx.conf file should look after making the above changes:
load_module modules/ngx_http_headers_more_filter_module.so;
http {
server_tokens off;
more_set_headers 'Server: Apache';
# ... other configurations ...
server {
listen 80;
server_name example.com;
location / {
root /var/www/html;
index index.html index.htm;
}
# ... other server configurations ...
}
# ... other configurations ...
}🏁 Conclusion
By following these steps, you can effectively hide or change the server header in Nginx, enhancing your server's security posture. Remember to always restart Nginx after making configuration changes to ensure they take effect.