How to Hide Nginx Version in Linux (Simple Guide)

Attackers are constantly on the prowl, conducting reconnaissance on web servers to retrieve crucial details such as the Nginx version. With this information at hand, they can then leverage known vulnerabilities associated with the version of the Nginx web server and initiate an attack.

Hiding the version of Nginx is, therefore, one of the many ways of securing your Nginx web server and warding off potential attacks.

In this guide, we will explore how to hide the Nginx version in Linux.

Prerequisites

Before you get started, ensure that you have an instance of Nginx web server installed and running on your Linux system.

Viewing Version Number of Nginx Web Server

Whenever you query the HTTP headers of a site hosted on Nginx, the version of Nginx is displayed by default among other details. In fact, if you browse a non-existent page of a website hosted on the Nginx web server, you will get a 404 error page with the version of Nginx displayed.


Similarly, you can view the version using the curl command to display the HTTP headers.

$ curl -I ip-address
OR
$ curl -I hostname


As explained, exposing the version of Nginx is not recommended as it can leave your web server prone to attacks. Let’s now see how to hide this information.

How to hide the version of Nginx using the server_tokens directive

The ‘server_tokens’ directive controls whether Nginx displays its version on error pages and in the Server HTTP response header field. To hide the version of Nginx, this directive needs to be set to off.

To do this, open the default Nginx configuration file.

$ sudo nano /etc/nginx/nginx.conf

Locate the ‘server_tokens off’ directive. By default, it is commented out.


Uncomment it and save the changes.


For the changes to take effect, reload or restart the Nginx service.

$ sudo nginx -s reload
OR
$ sudo systemctl restart nginx

Confirm that the Nginx version is hidden

To verify that the version of Nginx is now hidden, browse any error page on your web server. This time around, the version will not be displayed.


Also, you can query the HTTP headers. Likewise, you will discover that the version is not displayed.


This confirms that the version of Nginx has been hidden from anyone that might want to spy or conduct some reconnaissance on your web server.
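
The two checks in this guide (the config edit and the header query) can be scripted. The shell functions below are an added example, not part of the original guide: one reports the server_tokens state in config text, the other reports whether a Server header still discloses a version. The function names and the sample config and headers (including the version 1.18.0) are constructed for illustration.

```shell
# Added example: audit server_tokens in config text and in response headers.
# All sample inputs are constructed, not captured from a real server.
CONF_DEFAULT='http {
    sendfile on;
    # server_tokens off;
}'
CONF_FIXED='http {
    sendfile on;
    server_tokens off;
}'
HDR_BEFORE='HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)'
HDR_AFTER='HTTP/1.1 404 Not Found
Server: nginx'

# Read nginx config on stdin and print the last active server_tokens value,
# "commented" if only a commented-out line exists, or "unset" if none does.
tokens_state() {
  conf=$(cat)
  active=$(printf '%s\n' "$conf" |
    sed -nE 's/^[[:space:]]*server_tokens[[:space:]]+([^;[:space:]]+)[[:space:]]*;.*/\1/p' |
    tail -n 1)
  if [ -n "$active" ]; then
    printf '%s\n' "$active"
  elif printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*#[[:space:]]*server_tokens[[:space:]]'; then
    echo commented
  else
    echo unset
  fi
}

# Read response headers on stdin. Print the version and return 0 if the
# Server header discloses one; print nothing and return 1 otherwise.
# "Server: nginx" (product name only) is what server_tokens off leaves behind.
disclosed_version() {
  ver=$(tr -d '\r' |
    sed -nE 's/^[Ss]erver:[[:space:]]*nginx\/([0-9][0-9.]*).*/\1/p' | head -n 1)
  [ -n "$ver" ] && printf '%s\n' "$ver"
}

# Demo on the constructed samples.
printf 'config before edit: server_tokens %s\n' "$(printf '%s\n' "$CONF_DEFAULT" | tokens_state)"
printf 'config after edit:  server_tokens %s\n' "$(printf '%s\n' "$CONF_FIXED" | tokens_state)"
printf 'header before: version %s\n' "$(printf '%s\n' "$HDR_BEFORE" | disclosed_version || echo hidden)"
printf 'header after:  version %s\n' "$(printf '%s\n' "$HDR_AFTER" | disclosed_version || echo hidden)"
```

On a live host, feed tokens_state from /etc/nginx/nginx.conf and pipe the output of curl -sI for your site into disclosed_version.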

Conclusion

We hope that you found this guide insightful and that you can now hide your web server’s version. Your feedback on this article is welcome.
