I once read an article that said you can hide the fact that a server is running nginx. To do this, you edit the source code of the ngx_http_header_filter_module module and change these lines:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
But rebuilding nginx from source takes some know-how.
However, there is a simpler method that requires no special steps such as editing source code and recompiling.
For this we need to install the nginx-extras package from the Debian repository. This package contains the HttpHeadersMore module.
# aptitude install nginx-extras
If you already have nginx-full installed, aptitude will offer to remove this package, since it cannot be used with extras.
After installing the package, open the /etc/nginx/nginx.conf file and add this line to the http section:
more_set_headers "Server: Apache";
In the same section, don't forget to set this as well (in case you haven't done so already):
server_tokens off;
Then restart nginx. Instead of Apache, you can substitute a name of your own or disguise nginx as some other web server. There is plenty of room for imagination. :)
So why do all this? By masking nginx as another server, we complicate the work of hackers. After all, they need to understand what the site is running on in order to figure out how to exploit the web server's vulnerabilities. By giving the server a different name, we give the attacker the unique opportunity to spend endless time trying vulnerabilities for, say, IIS instead of nginx. :)
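A way to verify the result, as an added example that is not part of the original article: the sh function below reads a raw response, such as the output of curl -si http://site.ru/no-such-page, and reports where the real server name still shows, including the footer of nginx's built-in error pages, which more_set_headers does not change. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# audit_response [REAL_NAME]
# Reads a raw HTTP response (headers, blank line, body) on stdin, e.g.
#   curl -si http://site.ru/no-such-page | audit_response
# Prints one finding per line; returns 0 if clean, 1 if REAL_NAME still shows.
audit_response() {
    awk -v real="${1:-nginx}" '
        { sub(/\r$/, "") }                       # header lines end in CRLF
        !in_body && $0 == "" { in_body = 1; next }
        !in_body && tolower($0) ~ /^server:/ {   # the header the article rewrites
            if (index(tolower($0), tolower(real))) {
                print "header leak: " $0; leaks++
            }
            next
        }
        in_body && index(tolower($0), tolower(real)) {
            print "body leak: " $0; leaks++      # e.g. the built-in error page footer
        }
        END { exit (leaks > 0) }
    '
}

# sample_404 SERVER FOOTER
# Constructed 404 response: SERVER is the Server header value,
# FOOTER is the text the error page shows under the <hr> line.
sample_404() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: %s\r\n' "$1"
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html>\n<body>\n<center><h1>404 Not Found</h1></center>\n'
    printf '<hr><center>%s</center>\n</body>\n</html>\n' "$2"
}

# Header masked as Apache, but the stock error page is still served:
sample_404 Apache nginx | audit_response || echo "=> still recognisable as nginx"
```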
For some reason it did not work: extras was installed, I entered the line, but the 404 page still says that the server is NGINX.
In this case we are talking about the headers sent by the server. You can check in the console: curl -I http://site.ru. Naturally, you should create your own error pages.
Yes, it works. Thanks.