Nginx change server attribute in HTTP response header
Changing your server attribute sent with every HTTP response header can positively affect your security. Because some hackers examine your response headers in search for particular versions with known vulnerabilities so they can exploit them. In the following tutorial I’ll show you how how you can change server attribute. We assume that you have already a working Nginx configuration.
Install nginx-extras package
We need the more_set_headers directive to change the server attribute send with the HTTP response headers. This isn’t available in the default Nginx installation so we need to add the nginx-extra package. here’s how:
sudo apt-get install nginx-extrasChange server attribute in response header
When the installation is successful, configure the default Nginx configuration file to apply this to every resource running on Nginx.
sudo nano /etc/nginx/nginx.confYou can put the more_set_header snippet on the http {} or location {} directives. Assign a value to the directive by more_set_headers '<attribute>: <custom-text>';
http {
...
# set the Server output header
more_set_headers 'Server: my-server';
...
}Before restarting Nginx make sure to check the configuration syntax.
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulAfter you verified that the syntax is correct you can restart Nginx.
sudo service nginx restartNow you can test your response headers using curl -I command. With the -I flag we tell curl to print only the HTTP response headers.
curl -I http://example.comYou can inspect the result that the server attribute is changed into ‘my-server’
HTTP/1.1 200 OK
Date: Sat, 15 Nov 2014 11:01:25 GMT
Content-Type: text/html
Content-Length: 22837
Last-Modified: Sat, 15 Nov 2014 10:20:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
Server: my-server
Accept-Ranges: bytesFor more information about more-headers you can check this page.
How can I install nginx-extras in windows version of Nginx.