Attackers can target your web app much more easily if they know the exact version of the server you are running, and most web servers, like nginx, send this information by default. Run the following command in any terminal to see your domain's server info.
curl --head yourdomain.com
My result looks like this:
HTTP/1.1 301 Moved Permanently
Server: nginx/<SERVER_VERSION>(<OPERATING_SYSTEM>)
Date: Thu, 03 Mar 2022 13:46:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://jast-tech.com/
You might be using Apache; no worries, I've got you.
Our simple task now is to hide the <SERVER_VERSION>.
1. FOR NGINX
edit the nginx configuration file
nano /etc/nginx/nginx.conf
Under the #HTTP Options line and before the ## line, add the following:
server_tokens off;
Save changes with Ctrl + X
and we are done.
Restart your server with
sudo systemctl restart nginx
and run
curl --head yourdomain.com
again to confirm that the Server header no longer shows the version.
2. FOR APACHE
edit the Apache configuration file
nano /etc/httpd/httpd.conf
Change ServerTokens to Prod
and ServerSignature to Off.
Now one more step: look for
<Location "/server-status">
SetHandler server-status
</Location>
and change it to
<Location "/server-status">
SetHandler server-status
Order deny,allow
Deny from all
</Location>
We are done. Just restart your server with sudo service apache2 restart
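To check either server after the restart, the following added example (not part of the original post) parses `curl --head` output and flags a Server header that still carries a version or OS. The function names and the sample responses, including their version numbers, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag version disclosure in `curl --head` output.

# Constructed sample responses (not captured from a real host).
sample_before() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.18.0 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nserver: nginx\r\nContent-Type: text/html\r\n\r\n'
}

# Print the Server header value from a header dump on stdin.
# Header names are case-insensitive and lines end in CRLF, so normalise both.
server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed (0) when the value carries a product/version token or an OS comment.
leaks_version() {
    case "$1" in
        */[0-9]*|*"("*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read headers on stdin, print a verdict, return 1 on disclosure.
audit_headers() {
    server_value=$(server_header)
    if [ -z "$server_value" ]; then
        echo "OK: no Server header"
    elif leaks_version "$server_value"; then
        echo "LEAK: Server: $server_value"
        return 1
    else
        echo "OK: Server: $server_value"
    fi
}

# Demo on the constructed samples; against a live host use:
#   curl --silent --head https://yourdomain.com | audit_headers
sample_before | audit_headers || true
sample_after | audit_headers
```

The non-zero return on a leak lets the check run in a deployment script or scheduled job and fail loudly if a config change re-enables the version banner.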
Enjoy.