Banner grabbing is the technique of probing a host to collect the information its services announce about themselves, such as open ports and the name and version of the software listening on them. It is a standard step in vulnerability assessments. Hiding your NGINX server version from scanning tools makes it harder for attackers to match your server against known vulnerabilities for that version.
Below we’ll cover how VPS and dedicated server administrators can view server header information and hide the NGINX server version.
Log into SSH or WebHost Manager (WHM) Terminal (if managing a cPanel server) as root before continuing.
View and Hide NGINX Server Header Information
You can use the following terminal command to check your current server information.
curl --head yourdomain.com
You can also view this information with online tools such as https://securityheaders.com and https://observatory.mozilla.org. However, you’ll still need to access the terminal to make necessary changes to your server.
In a default configuration, the first two lines of the output show the HTTP protocol version and status code (200, 301, 302, etc.) of the response, followed by the server software and its version. For example:
HTTP/2 200
server: nginx/1.16.7
We’ll remove that version number to make it a little harder for attackers to identify exploitable software on your server.
- Edit the NGINX configuration file:
nano /etc/nginx/nginx.conf
- Under the "# HTTP Options" and "##" comment lines, add a new line:
server_tokens off;
- Save changes: Ctrl + x.
- Check your NGINX server information:
curl --head yourdomain.com
Note that these changes may take up to a few hours to reflect in header information, depending on system caching settings.
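The steps above, as an added shell example that is not part of the original article: a function that inserts server_tokens off; under the http { line of an NGINX configuration file (it keys on the http block rather than on the cPanel-specific "# HTTP Options" comment, and skips the edit if a server_tokens directive already exists), plus a parser for curl --head output that reports whether a version is still disclosed. The response headers used below are constructed samples, and the reload command assumes a systemd-managed NGINX.

```shell
#!/bin/sh
# Added example, not part of the original article. It assumes a standard
# NGINX layout with an "http {" block in /etc/nginx/nginx.conf and a
# systemd-managed service; the sample headers below are constructed.

# Insert "server_tokens off;" directly under the http { line of an NGINX
# configuration file, unless a server_tokens directive is already present.
# The directive hides the version from the Server header and from NGINX's
# built-in error pages; the header still reads "Server: nginx".
add_server_tokens_off() {
    conf="$1"
    if grep -q '^[[:space:]]*server_tokens' "$conf"; then
        return 0   # already configured; do not add a duplicate
    fi
    tmp="$(mktemp)" || return 1
    awk '{ print }
         /^[ \t]*http[ \t]*[{]/ && !done { print "    server_tokens off;"; done = 1 }' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    status=$?
    rm -f "$tmp"
    return $status
}

# Print the NGINX version disclosed in a block of response headers (as
# produced by `curl --head`), or nothing if no version is present. HTTP/2
# responses lowercase header names, so the match is case-insensitive.
server_version_from_headers() {
    printf '%s\n' "$1" \
        | grep -i '^server:' \
        | sed -n 's|^[^:]*:[[:space:]]*nginx/\([0-9][0-9.]*\).*|\1|p' \
        | head -n 1
}

# Exit status 0 when a version is disclosed, 1 when it is hidden.
server_version_disclosed() {
    [ -n "$(server_version_from_headers "$1")" ]
}

# Live check against a host, e.g.: check_host yourdomain.com
check_host() {
    headers="$(curl -sS --head "$1")" || return 2
    if server_version_disclosed "$headers"; then
        echo "$1: version disclosed (nginx/$(server_version_from_headers "$headers"))"
        return 0
    fi
    echo "$1: no version disclosed"
    return 1
}

# Constructed sample responses, before and after the change.
HEADERS_BEFORE='HTTP/2 200
server: nginx/1.16.7
content-type: text/html'

HEADERS_AFTER='HTTP/2 200
server: nginx
content-type: text/html'

for sample in "$HEADERS_BEFORE" "$HEADERS_AFTER"; do
    if server_version_disclosed "$sample"; then
        echo "disclosed: nginx/$(server_version_from_headers "$sample")"
    else
        echo "hidden"
    fi
done

# On a real server, after editing the configuration, validate it and reload
# (NGINX only re-reads nginx.conf on start or reload):
#   add_server_tokens_off /etc/nginx/nginx.conf && nginx -t && systemctl reload nginx
```

The header check only tells you whether a version string is present; with server_tokens off the response still identifies the software as nginx, which is the expected result of this change rather than a failure.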
There are many other ways to configure your NGINX web server for better website security. Check out our Support Center for more articles about advanced NGINX configuration.
Learn more about how to secure your server with our Managed Hosting team and Launch Assist today.