How to change/modify Server response header in nginx
The “Server” response-header field contains information about the software used by the origin server to handle the request. See the following curl output
| 1 2 3 4 5 6 7 8 9 10 11 12 13 | [root@test.test.com ~]# curl -i yahoo.com HTTP/1.1 301 Redirect Date: Thu, 09 Mar 2017 18:12:04 GMT Via: https/1.1 ir43.fp.bf1.yahoo.com (ApacheTrafficServer) Server: ATS Location: https://www.yahoo.com/ Content–Type: text/html Content–Language: en Cache–Control: no–store, no–cache Connection: keep–alive Content–Length: 304 |
You can see the Header “Server: ATS” inside the response. This Header announces which Application/Server is used for serving the response. This isn’t a major security risk, or even a medium security risk. But sometimes, it requires to hide the “Server” header or modify it. In this article we will explain how to modify Server response header in nginx.
How to modify “Server” response header in nginx ?
There are multiple ways to achieve this.
1. Enable nginx “headers_more” module
This module allows you to add, set, or clear any output or input header that you specify.
This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing “builtin headers” like Content-Type, Content-Length, and Server.
Installation instructions are here
Once installed, we can set custom “Server” header by adding following in the nginx configuration file.
| 1 2 3 4 | server_tokens off; more_set_headers ‘Server: My Very Own Server’; |
2. Modifying nginx source code.
In nginx source code “Server” header is hardcoded in the file “src/http/ngx_http_header_filter_module.c”. You can modify following lines and add your own headers
| 1 2 3 4 5 | static u_char ngx_http_server_string[] = “Server: nginx” CRLF; static u_char ngx_http_server_full_string[] = “Server: “ NGINX_VER CRLF; static u_char ngx_http_server_build_string[] = “Server: “ NGINX_VER_BUILD CRLF; |
See the modified version below
| 1 2 3 4 5 | static u_char ngx_http_server_string[] = “Server: Myownwebserver” CRLF; static u_char ngx_http_server_full_string[] = “Server: “ NGINX_VER CRLF; static u_char ngx_http_server_build_string[] = “Server: “ NGINX_VER_BUILD CRLF; |
Then recompile nginx with modified source code.
Let us know incase you face any issue. Always happy to help ????