ochieng seth

security tip for your website

Attackers can easily exploit your web app if they know the version of the server you are running, and most web servers, like nginx, transmit this data by default 😳. Run the following command in any terminal to get your domain's server info.

curl --head yourdomain.com

My result looks like this:

HTTP/1.1 301 Moved Permanently
Server: nginx/<SERVER_VERSION>(<OPERATING_SYSTEM>)
Date: Thu, 03 Mar 2022 13:46:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://jast-tech.com/

You might be using Apache; no worries, I got you 😌

Our simple task now is to hide the <SERVER_VERSION>.

1. FOR NGINX
Edit the nginx configuration file:

nano /etc/nginx/nginx.conf

Under the #HTTP Options line and before the ## line, add the following:

server_tokens off;

Save changes with Ctrl + X and we are done 😜
Restart your server with sudo systemctl restart nginx, then run curl --head yourdomain.com again to check the Server header.

2. FOR APACHE
Edit the Apache configuration file (the path varies by distribution):

nano /etc/httpd/httpd.conf

Change the directives to ServerTokens Prod and ServerSignature Off.
Now one more step. Look for:

<Location "/server-status">
    SetHandler server-status
</Location>

and change it to

<Location "/server-status">
    SetHandler server-status
    Order deny,allow
    Deny from all
</Location>

😛 We are done. Just restart your server with sudo service apache2 restart
Enjoy. 👋🏿
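
To confirm the change on either server, the check below reads `curl --head` output and flags any Server header that still carries a version number or an OS comment, across every response in a redirect chain. It is an added example, not code from the original post; the function name `check_server_headers` and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit response headers for
# version disclosure. Input is raw `curl --head` output on stdin; with
# --location it may hold several responses (a redirect chain).
# Returns 0 if no Server header leaks details, 1 otherwise.
check_server_headers() {
    tr -d '\r' | awk '
        $0 ~ "^HTTP/" { hop++; next }        # a status line starts a new response
        {
            name = tolower($0); sub(/:.*/, "", name)
            if (name != "server") next
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            why = ""
            if (value ~ "/[0-9]") why = why " version"      # product/1.2.3
            if (value ~ "[(]")    why = why " os-comment"   # (OperatingSystem)
            sub(/^ /, "", why)
            if (why != "") { bad = 1; printf "hop %d: LEAK (%s) %s\n", hop, why, value }
            else           printf "hop %d: ok %s\n", hop, value
        }
        END { exit bad + 0 }
    '
}

# Constructed samples: a redirect chain before and after the change.
SAMPLE_BEFORE='HTTP/1.1 301 Moved Permanently
Server: nginx/0.0.0 (ExampleOS)
Location: https://example.test/

HTTP/1.1 200 OK
server: nginx/0.0.0
Content-Type: text/html
'
SAMPLE_AFTER='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://example.test/

HTTP/1.1 200 OK
Server: Apache
'

printf '%s' "$SAMPLE_BEFORE" | check_server_headers || echo "=> version still disclosed"
printf '%s' "$SAMPLE_AFTER"  | check_server_headers && echo "=> clean"
# Live use: curl --silent --head --location https://yourdomain.com | check_server_headers
```

The non-zero exit status on a leak makes the function usable as a deployment check after a configuration change.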