Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect exposing Nginx version #108

Open
disconnect3d opened this issue Mar 16, 2020 · 1 comment
Open

Detect exposing Nginx version #108

disconnect3d opened this issue Mar 16, 2020 · 1 comment

Comments

@disconnect3d
Copy link

disconnect3d commented Mar 16, 2020
edited
Loading

This is a feature request for detecting the missing of server_tokens off.

If it is not set, the Nginx will respond with a Server: nginx/<version> header containing nginx version. This might be helpful for an attacker who has an exploit for a particular Nginx version.
@dasJ
Copy link

dasJ commented Apr 21, 2020

… unless you use the more headers module in which case you could also have:

more_clear_headers Server X-Page-Speed X-Powered-By X-Redirect-By X-CF-Powered-By X-Hudson X-Jenkins;

which hides the Server header completely

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dasJ @disconnect3d