Nginx, by default, will show information in error pages (for example 404 as shown below). This information can be used by attackers to automatically search for vulnerable Nginx versions. I could be putting my web server at risk if my current nginx version, 1.11.8, is vulnerable. 404 Not Found Nginx Server Token.jpg

To remedy this, add this simple line of code to your nginx.conf under ‘http’:

server_tokens off;

And then reload nginx using:

systemctl restart nginx (on CentOS)

Advertisements