DEV Community

Cover image for How to remove Nginx server  version and  name.
shiva kumar
shiva kumar

Posted on • Updated on

How to remove Nginx server version and name.

Hackers mostly exploit, when they know server name and its version. We can reduce the chances first by hiding the name and version of the Nginx. Secondly, by regularly updating the tools we use.
This quick post will guide you on renaming the Nginx server name and remove version from the headers
If you haven't install Nginx or you dont know how to install Nginx in a ubuntu machine you can follow this tutorial

You can check if the server is running by using below command

sudo service nginx status 
Enter fullscreen mode Exit fullscreen mode

Let's see when request the server, what we get in response header

ubuntu@ip-172-31-37-234:~$ curl -I localhost

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 22 Feb 2022 20:57:32 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Feb 2022 20:56:10 GMT
Connection: keep-alive
ETag: "62154dea-264"
Accept-Ranges: bytes
Enter fullscreen mode Exit fullscreen mode

To rename the default server we need a directive called more_set_headers but this doesn't comes default with Nginx we need to install a dynamic module called headers-more-nginx-module

If you have installed nginx ubuntu package, you need download the same version of Nginx already installed. This need to be done to compile the dynamic module.
Lets download and unzip the nginx

wget http://nginx.org/download/nginx-1.18.0.tar.gz

tar -xvzf nginx-1.18.0.tar.gz

Enter fullscreen mode Exit fullscreen mode

Since have already installed nginx we can view the list of modules installed. You can do that by using

nginx -V 

nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-BUo7Uw/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module

Enter fullscreen mode Exit fullscreen mode

Lets copy the output and pass them when recompiling the nginx-with-headers-more module

Let's download and install the nginx-with-headers-more module

git clone https://github.com/openresty/headers-more-nginx-module.git 

cd nginx-1.18.0/

./configure  --add-dynamic-module=/home/ubuntu/headers-more-nginx-module  <--with... paste the previously installed module from above nginx -V command>

make 

Enter fullscreen mode Exit fullscreen mode

Once its done we have module in /home/ubuntu/nginx-1.18.0/objs directory. We need to move this to existing installed nginx modules directory

sudo cp ngx_http_headers_more_filter_module.so /usr/lib/nginx/modules/
Enter fullscreen mode Exit fullscreen mode

Now the headers-more-nginx-module is available to use. Go to the nginx.conf file include the installed module and add both directives to http block

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
load_module modules/ngx_http_headers_more_filter_module.so;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        server_tokens off;
        more_set_headers 'Server: Gandalf';  #Gandalf will protect your server from balrog.
}
Enter fullscreen mode Exit fullscreen mode

Restart the nginx server

sudo service nginx restart
Enter fullscreen mode Exit fullscreen mode

Let check again the response header

curl -I localhost
HTTP/1.1 200 OK
Date: Tue, 22 Feb 2022 21:57:08 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Feb 2022 20:56:10 GMT
Connection: keep-alive
ETag: "62154dea-264"
Server: Gandalf
Accept-Ranges: bytes

Enter fullscreen mode Exit fullscreen mode

If you want complete remove the server name, pass server name empty like this in nginx.conf file

more_set_headers 'Server: ';
Enter fullscreen mode Exit fullscreen mode

Output

 curl -I localhost
HTTP/1.1 200 OK
Date: Tue, 22 Feb 2022 21:58:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Feb 2022 20:56:10 GMT
Connection: keep-alive
ETag: "62154dea-264"
Accept-Ranges: bytes

Enter fullscreen mode Exit fullscreen mode

Congratulations! You have successfully renamed the server name and removed the version.
Hope this post was helpful. If you enjoyed this post, share it.

Discussion (0)