How to hide our Nginx version number

Introduction

When we use Nginx for proxy, all network requests are distributed through Nginx. As long as it is software, there will be loopholes.

Nginx will inevitably have some vulnerabilities, and Nginx is also constantly undergoing version iterations, so we need to prevent the outside world from obtaining our when accessing externally.

Nginx version. Reduce some attack risks caused by version exposure. (Upgrading to the latest version in time will provide higher security.)

This article introduces how to hide the version number of our Nginx to avoid external attacks.

1. How to check whether the Nginx version of your own server is hidden

The following introduces the query methods in different environments

(1) windows Environment

We can access the web page through the browser, press F12 to enter the inspection mode, and through the Network panel we can see all the network requests of the current page

Find an interface and click on it. You can see the following data through the Headers panel under the pop-up request details: Server The version number of your nginx will be displayed later:

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,ADMIN-Authorization,API-Authorization
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 3600
Cache-Control: public,max-age=60,s-maxage=60
Content-Encoding: gzip
Content-Length: 3348
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 01:55:37 GMT
Last-Modified: Tue, 08 Mar 2022 07:14:08 GMT
Server: nginx/1.23.0
Vary: Origin

The above example is an example where the nginx version number is exposed. If the version number is hidden, It will be displayed as:

Server: nginx/ There will be a version number. (2) In Linux environment

Compared with the query method in windows, Linux query can be queried directly through the

curl -I command .

For example, check the effect of this site:

[root@iZuf63tu3fn1swasqa62h8Z nginx]# curl -I zinyan.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 02:09:49 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://zinyan.com/

If the nginx version is not hidden, the version number will be added after nginx.

2. Hide Nginx version

The hiding method is relatively simple: you need to open the nginx.conf configuration file. (Usually the file directory is

/etc/nginx/nginx.conf)

Switch to the directory where the nginx.conf file is located and use

vim nginx.conf Open the file. (Press I to enter edit mode)

Then add under the server level:

server_tokens off; If there is server_tokens originally, change the value is on, if not, add the whole.

The effect is as follows:

http{
...
server{
listen 80 default_server;
listen [::]:80 default_server;
server_name_;
root /usr/share/nginx/html;
server_tokens off;#添加这一项就可以了
location / {
}
error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}

} 
}

After adding, press the

Esc key to exit the editing mode, and then enter :wq Just save and exit. (If you are not familiar with vim commands, you can learn about them through https://zinyan.com/?p=23)

Final execution:

nginx -s reload

Just restart nginx. This will allow you to hide the version.

By default, nginx does not hide the version number. We need to actively configure it ourselves.

The above is the detailed content of How to hide our Nginx version number. For more information, please follow other related articles on the PHP Chinese website!