
How to hide the fact of using nginx on the server



I once read an article explaining that you can hide the fact that a server runs nginx. To do this, you edit the source code of the ngx_http_header_filter_module module and change these lines:

  static char ngx_http_server_string[] = "Server: nginx" CRLF;
  static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;

But rebuilding nginx from source requires some knowledge.



However, there is a simpler method that requires no special steps such as editing source code and recompiling.

To do this, install the nginx-extras package from the Debian repository. This package contains the HttpHeadersMore module.

  # aptitude install nginx-extras 

If you already have nginx-full installed, aptitude will offer to remove it, since it cannot be installed alongside nginx-extras.



After installing the package, open /etc/nginx/nginx.conf and add this line to the http section:

  more_set_headers "Server: Apache"; 

In the same section, also set the following (in case you haven't done so already):

  server_tokens off; 

Then restart nginx. Instead of Apache, you can substitute a name of your own, or disguise the server as some other web server. There is plenty of room for imagination here. :)
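
A check to run after the restart, as an added example that is not part of the original article: it inspects a response for anything that still names nginx, in the Server header or in the page body. The function names and the sample responses are constructed for illustration, and the live command in the comment assumes the server answers on localhost.

```sh
#!/bin/sh
# Added example: check an HTTP response for strings that identify nginx.
# Live use (assumes the server answers on localhost):
#   curl -si http://localhost/no-such-page | audit_response

# Print the value of the Server header from a response on stdin.
server_header() {
    tr -d '\r' | awk '
        /^$/ { exit }    # a blank line ends the header block
        tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Print the body: everything after the first blank line.
response_body() {
    tr -d '\r' | awk 'body { print } /^$/ { body = 1 }'
}

# Read a response on stdin and print one finding per line.
# Returns 0 if nothing names nginx, 1 if the header or the body does.
audit_response() {
    resp=$(cat)
    leaks=0
    hdr=$(printf '%s\n' "$resp" | server_header)
    if printf '%s\n' "$hdr" | grep -qi 'nginx'; then
        echo "header: Server: $hdr"
        leaks=1
    fi
    if printf '%s\n' "$resp" | response_body | grep -qi 'nginx'; then
        echo "body: contains the string nginx"
        leaks=1
    fi
    return "$leaks"
}

# Constructed 404 response: $1 = Server header value, $2 = error page footer.
sample_404() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: %s\r\n' "$1"
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><center><h1>404 Not Found</h1></center>\r\n'
    printf '<hr><center>%s</center></body></html>\r\n' "$2"
}

# Header masked as in the article, built-in error page left in place.
sample_404 'Apache' 'nginx' | audit_response || echo "=> still identifiable"
```

The `Server: Apache` header does not change nginx's built-in error pages, whose footer still reads `nginx`; serving your own pages through the `error_page` directive removes that string.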



So why do all this? By disguising nginx as another server, we make an attacker's work harder. To work out how to exploit a web server's vulnerabilities, they first need to know what the site runs on. By giving the server a different name, we hand the attacker a unique opportunity to spend endless time hunting for a vulnerability in, say, IIS instead of nginx. :)




3 Comments on "How to hide the fact of using nginx on the server"

  1. For some reason it did not work: extras was installed, I entered the line, but the 404 page still says that the server is running on NGINX.
