How to Hide Nginx Version from HTTP Header

When you configure your production and development infrastructure, security should be the primary concern; neglecting it can have serious consequences later. Security has to be applied in many directions. One of them: if you are running your application with the NGINX web server, apply this security tip on your server.

Check Insecure HTTP Header

Check the HTTP headers of your server. You will see the version of the NGINX server that is running. An attacker can use this information to match the server against issues known for that version.
$ curl -I http://example.com 
You can see that your server is running NGINX 1.10.0.
HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes

Hide Nginx Version

Edit your NGINX configuration file and set the server_tokens directive to off in the http, server or location section, as follows.
 server_tokens off; 

Check Insecure HTTP Header

After making the above changes, re-check the HTTP header values using the following command.
$ curl -I http://example.com 
Now you can see that the header only shows that Nginx is running, with no version or OS details.
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Oct 2016 11:48:36 GMT
Content-Type: text/html
Content-Length: 11321
Last-Modified: Thu, 20 Oct 2016 05:30:08 GMT
Connection: keep-alive
ETag: "58649f60-2c39"
Accept-Ranges: bytes
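Because server_tokens can be set in the http, server or location section, a nested block can switch the version back on even when the http block says off. The following script is an added example, not part of the original article: a hypothetical audit_server_tokens function that reads configuration text on standard input and reports every server_tokens setting together with the block it sits in. The sample configuration is constructed, and the script assumes "#" only ever starts a comment.

```shell
# Added example (not from the original article): audit server_tokens settings.
# Assumption: "#" only starts comments (no "#" inside quoted strings).
audit_server_tokens() {
  awk '
    {
      sub(/#.*/, "")                        # strip comments
      n = length($0)
      for (i = 1; i <= n; i++) {
        c = substr($0, i, 1)
        if (c == "{") {                     # block opens: remember its name
          split(buf, w, " "); stack[++depth] = w[1]; buf = ""
        } else if (c == "}") {              # block closes
          if (depth > 0) depth--
          buf = ""
        } else if (c == ";") {              # end of a directive
          split(buf, w, " ")
          if (w[1] == "server_tokens") {
            ctx = depth ? stack[depth] : "main"
            if (w[2] == "off") { verdict = "ok"; if (ctx == "http") http_off = 1 }
            else               { verdict = "LEAK"; bad = 1 }
            printf "%s line %d: server_tokens %s in %s block\n", verdict, NR, w[2], ctx
          }
          buf = ""
        } else buf = buf c
      }
      buf = buf " "                         # a newline counts as whitespace
    }
    END {
      if (!http_off) {
        print "LEAK: no server_tokens off in http block (nginx default is on)"
        bad = 1
      }
      exit bad + 0                          # 0 = nothing disclosed, 1 = finding
    }'
}

# Constructed sample: off at http level, switched back on in one location.
SAMPLE_CONF='http {
    server_tokens off;
    server {
        listen 80;
        location /status {
            server_tokens on;   # overrides the http-level setting
        }
    }
}'

printf '%s\n' "$SAMPLE_CONF" | audit_server_tokens || echo "audit: version disclosure found"
```

To cover files pulled in with include, pipe the output of nginx -T into the function; the reported line numbers then refer to that dump rather than to the individual files.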
