How To Hide Nginx Server Header

Nginx-Logo

In this tutorial, we will show you how to hide Nginx Server Header on your Linux server. In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used to try to exploit any vulnerabilities in the Nginx, especially if you are running an older version with known vulnerabilities. Hiding Nginx version is very easy and it’s done using server_tokens directive. This tutorial helps you customize the name of the server on your host.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges.

Hide Nginx Server Header

Step 1. Go to Nginx/conf folder (it can be located at /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf file)

Step 2. Hide Nginx version.

Add the following in nginx.conf under server section:

server_tokens off;

Step 3. Restart Nginx web server:

service nginx restart

Let’s verify if we see the server information now:

curl -I https://idroot.us/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Aug 2014 06:06:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: https://idroot.us/xmlrpc.php

Congratulations! You have successfully hidden the Nginx version. Thanks for using this tutorial for hiding Nginx version in Linux system. For additional help or useful information, we recommend you to check the official Nginx web site.

Nginx Install Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “Nginx Webserver” installation, starting from $10 (Paypal payment). Please contact us to get the best deal!