How to hide nginx version?

With default Nginx configuration, Nginx response contains the Nginx Version number in the Headers , In the “Server” Header. Normally this is not an issue, but sometimes you might need to hide it. When you don’t want the visitors know the Server you are using or to prevent hackers to detect any security flows , you can hide the Nginx version.

You can check the nginx default headers using simple curl command

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16   localhost ~]# curl -vvv -I 127.0.0.1 * About to connect() to 127.0.0.1 port 80 (#0) * Trying 127.0.0.1… * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > HEAD / HTTP/1.1 > UserAgent: curl/7.29.0 > Host: 127.0.0.1 > Accept: */* > > HTTP/1.1 200 OK HTTP/1.1 200 OK > Server: nginx/1.10.2 Server: nginx/1.10.2 > Date: Mon, 07 Aug 2017 12:38:32 GMT  

As you can see response Headers contains the “Server” Header which has the ServerVersion , which is “1.10.2” .

In this article we will explain how to Hide Nginx Version Number

You can hide Nginx Version Header by setting the “server_tokens” variable in the nginx configuration file.

Add the following line in the nginx configuration file, Under the “server” block.

1 server_tokens off;

Restart nginx once the changes are made

Now test it using curl

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15   [root@localhost ~]# curl -vvv -I 127.0.0.1 * About to connect() to 127.0.0.1 port 80 (#0) * Trying 127.0.0.1… * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > HEAD / HTTP/1.1 > UserAgent: curl/7.29.0 > Host: 127.0.0.1 > Accept: */* > > HTTP/1.1 200 OK HTTP/1.1 200 OK > Server: nginx Server: nginx  

As you can see its not showing the Version now.

how-to-hide-nginx-version-2

As always, feel free to drop us a note if you have any queries or feedbacks using our comment form below. Always happy to help you ????

Author: , 0000-00-00