Nginx change server attribute in HTTP response header

Changing your server attribute sent with every HTTP response header can positively affect your security. Because some hackers examine your response headers in search for particular versions with known vulnerabilities so they can exploit them. In the following tutorial I’ll show you how how you can change server attribute. We assume that you have already a working Nginx configuration.

Install nginx-extras package

We need the more_set_headers directive to change the server attribute send with the HTTP response headers. This isn’t available in the default Nginx installation so we need to add the nginx-extra package. here’s how:

sudo apt-get install nginx-extras

Change server attribute in response header

When the installation is successful, configure the default Nginx configuration file to apply this to every resource running on Nginx.

sudo nano /etc/nginx/nginx.conf

You can put the more_set_header snippet on the http {} or location {} directives. Assign a value to the directive by more_set_headers '<attribute>: <custom-text>';

http {
    # set the Server output header
    more_set_headers 'Server: my-server';

Before restarting Nginx make sure to check the configuration syntax.

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

After you verified that the syntax is correct you can restart Nginx.

sudo service nginx restart

Now you can test your response headers using curl -I command. With the -I flag we tell curl to print only the HTTP response headers.

curl -I

You can inspect the result that the server attribute is changed into ‘my-server’

HTTP/1.1 200 OK
Date: Sat, 15 Nov 2014 11:01:25 GMT
Content-Type: text/html
Content-Length: 22837
Last-Modified: Sat, 15 Nov 2014 10:20:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
Server: my-server
Accept-Ranges: bytes

For more information about more-headers you can check this page.

You may also like...