Hide Webserver information|Modify Server Header on Nginx
Date Posted:24/03/2017
By default, the web server version and OS information are visible to the public, which is considered a security problem because exposing server information is not good practice. This may help attackers intrude into your server if it has any vulnerability. So it is always good to hide all server information.
Assumption:
- Ubuntu or CentOS host
- Nginx Webserver
If nginx is not installed, follow the post below that matches your server environment.
Implementation:
We may have to install nginx-extras on the Ubuntu host. This post was tested only on an Ubuntu host; we never tried it on a CentOS host, but you can still follow this post to achieve the same.
apt-get -y install nginx-extras
Before implementing, let's test whether the server information is exposed to the public. Open a terminal and execute the command below.
curl -I http://IPaddress
The output will look like this:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.0 (Ubuntu)
Open the nginx.conf configuration file. Under the http section, add or update the lines below.
vi /etc/nginx/nginx.conf
server_tokens off;
more_set_headers 'Server: PheonixSolutions';
Where,
server_tokens off hides the nginx version and OS information.
more_set_headers (from the headers-more module that nginx-extras includes) sets the user-specified value.
Verify that the configuration has no syntax errors.
nginx -t
Restart nginx service.
service nginx restart
Verification:
Execute the same curl command and check whether we still get the same information.
curl -I http://IPaddress
HTTP/1.1 301 Moved Permanently
Server: PheonixSolutions
From the above result, we can see that the OS information is hidden and the web server information is also modified.
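The manual check in the Verification step can be scripted. The following is an added example, not part of the original post: a POSIX shell function (the name classify_server_header is hypothetical) that reads `curl -I` output on stdin and reports whether the Server header still carries a version number or a parenthesised OS token. It works for any Server header value, not only nginx, and the sample responses are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: classify the Server header found in HTTP response headers.
# Usage against a live host: curl -sI http://IPaddress | classify_server_header
# Prints "none" (no Server header), "ok" (no version or OS token),
# or a comma-separated list of what is disclosed: "version", "os".
classify_server_header() {
    # curl -I output ends lines with CRLF and header names are case-insensitive.
    value=$(tr -d '\r' | awk -F': *' '
        !found && tolower($1) == "server" {
            sub(/^[^:]*:[ \t]*/, "")   # keep only the header value
            print
            found = 1
        }')
    if [ -z "$value" ]; then
        echo "none"
        return 0
    fi
    findings=""
    # A "/<digit>" product token such as nginx/1.10.0 discloses the version.
    case "$value" in
        */[0-9]*) findings="version" ;;
    esac
    # A parenthesised comment such as (Ubuntu) discloses the OS.
    case "$value" in
        *"("*")"*) findings="${findings:+$findings,}os" ;;
    esac
    echo "${findings:-ok}"
}

# Constructed samples modelled on the before/after responses shown in this post.
before='HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.10.0 (Ubuntu)\r\n\r\n'
after='HTTP/1.1 301 Moved Permanently\r\nServer: PheonixSolutions\r\n\r\n'
printf 'before: %s\n' "$(printf "$before" | classify_server_header)"
printf 'after:  %s\n' "$(printf "$after" | classify_server_header)"
```

A result of "ok" only means the header carries no version or OS token; error pages and other response headers are not inspected by this function.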