How do you change the server header returned by nginx

Question

There s an option to hide the version so it will display only nginx  but is there a way to hide that too so it will not show anything or change the header

User · Answer

According to nginx documentation it supports custom values or even the exclusion:

Syntax: server_tokens on | off | build | string;

but sadly only with a commercial subscription:

Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.

User · Answer

Like Apache  this is a quick edit to the source and recompile  From Calomel org      The Server  string is the header which   is sent back to the client to tell   them what type of http server you are   running and possibly what version    This string is used by places like   Alexia and Netcraft to collect   statistics about how many and of what   type of web server are live on the   Internet  To support the author and   statistics for Nginx we recommend   keeping this string as is  But  for   security you may not want people to   know what you are running and you can   change this in the source code  Edit   the source file   src http ngx http header filter module c   at look at lines 48 and 49  You can   change the String to anything you   want       vi src http ngx http header filter module c  lines 48 and 49  static char ngx http server string      Server  MyDomain com  CRLF  static char ngx http server full string      Server  MyDomain com  CRLF    March 2011 edit  Props to Flavius below for pointing out a new option  replacing Nginx s standard HttpHeadersModule with the forked HttpHeadersMoreModule  Recompiling the standard module is still the quick fix  and makes sense if you want to use the standard module and won t be changing the server string often  But if you want more than that  the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers

User · Answer

Install Nginx Extras  sudo apt-get update sudo apt-get install nginx-extras   Server details can be removed from response by adding following two lines in the nginx conf  under http section   more clear headers Server  server tokens off

User · Answer

The last update was a while ago  so here is what worked for me on Ubuntu   sudo apt-get update sudo apt-get install nginx-extras   Then add the following two lines to the http section of nginx conf  which is usually located at  etc nginx nginx conf   sudo nano  etc nginx nginx conf server tokens off    removed pound sign more set headers  Server  Eff You Script Kiddies      Also  don t forget to restart nginx with sudo service nginx restart

User · Answer

I know the post is kinda old  but I have found a solution easy that works on Debian based distribution without compiling nginx from source   First install nginx-extras package     sudo apt install nginx-extras   Then load the nginx http headers more module by editing nginx conf and adding the following line inside the server block     load module modules ngx http headers more filter module so    Once it s done you ll have access to both more set headers and more clear headers directives

User · Answer

Are you asking about the Server header value in the response  You can try changing that with an add header directive  but I m not sure if it ll work  http   wiki codemongers com NginxHttpHeadersModule

User · Answer

The last update was a while ago  so here is what worked for me on Ubuntu   sudo apt-get update sudo apt-get install nginx-extras   Then add the following two lines to the http section of nginx conf  which is usually located at  etc nginx nginx conf   sudo nano  etc nginx nginx conf server tokens off    removed pound sign more set headers  Server  Eff You Script Kiddies      Also  don t forget to restart nginx with sudo service nginx restart

User · Answer

I know the post is kinda old  but I have found a solution easy that works on Debian based distribution without compiling nginx from source   First install nginx-extras package     sudo apt install nginx-extras   Then load the nginx http headers more module by editing nginx conf and adding the following line inside the server block     load module modules ngx http headers more filter module so    Once it s done you ll have access to both more set headers and more clear headers directives

User · Answer

Install Nginx Extras  sudo apt-get update sudo apt-get install nginx-extras   Server details can be removed from response by adding following two lines in the nginx conf  under http section   more clear headers Server  server tokens off

User · Answer

Like Apache  this is a quick edit to the source and recompile  From Calomel org      The Server  string is the header which   is sent back to the client to tell   them what type of http server you are   running and possibly what version    This string is used by places like   Alexia and Netcraft to collect   statistics about how many and of what   type of web server are live on the   Internet  To support the author and   statistics for Nginx we recommend   keeping this string as is  But  for   security you may not want people to   know what you are running and you can   change this in the source code  Edit   the source file   src http ngx http header filter module c   at look at lines 48 and 49  You can   change the String to anything you   want       vi src http ngx http header filter module c  lines 48 and 49  static char ngx http server string      Server  MyDomain com  CRLF  static char ngx http server full string      Server  MyDomain com  CRLF    March 2011 edit  Props to Flavius below for pointing out a new option  replacing Nginx s standard HttpHeadersModule with the forked HttpHeadersMoreModule  Recompiling the standard module is still the quick fix  and makes sense if you want to use the standard module and won t be changing the server string often  But if you want more than that  the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers

User · Answer

Are you asking about the Server header value in the response  You can try changing that with an add header directive  but I m not sure if it ll work  http   wiki codemongers com NginxHttpHeadersModule

User · Answer

There is a special module  http   wiki nginx org NginxHttpHeadersMoreModule     This module allows you to add  set  or clear any output or input header that you specify       This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing  builtin headers  like Content-Type  Content-Length  and Server       It also allows you to specify an optional HTTP status code criteria using the -s option and an optional content type criteria using the -t option while modifying the output headers with the more set headers and more clear headers directives

User · Answer

Are you asking about the Server header value in the response  You can try changing that with an add header directive  but I m not sure if it ll work  http   wiki codemongers com NginxHttpHeadersModule

User · Answer

The only way is to modify the file src http ngx http header filter module c   I changed nginx on line 48 to a different string   What you can do in the nginx config file is to set server tokens to off  This will prevent nginx from printing the version number   To check things out  try curl -I http   vurbu com    grep Server  It should return  Server  Hai

User · Answer

Nginx-extra package is deprecated now   The following therefore did now work for me as i tried installing various packages more set headers  Server  My Very Own Server    You can just do the following and no server or version information will be sent back      server tokens       if you just want to remove the version number this works     server tokens off

User · Answer

After I read Parthian Shot s answer  I dig into  usr sbin nginx binary file  Then I found out that the file contains these three lines    Server  nginx 1 12 2 Server  nginx 1 12 2 Server  nginx   Basically first two of them are meant for server tokens on  directive  Server version included   Then I change the search criteria to match those lines within the binary file   sed -i  s Server  nginx Server  thing    which nginx    After I dig farther I found out that the error message produced by nginx is also included in this file    lt hr gt  lt center gt nginx lt  center gt    There are three of them  one without the version  two of them included the version  So I run the following command to replace nginx string within the error message   sed -i  s center gt nginx center gt thing    which nginx

User · Answer

Like Apache  this is a quick edit to the source and recompile  From Calomel org      The Server  string is the header which   is sent back to the client to tell   them what type of http server you are   running and possibly what version    This string is used by places like   Alexia and Netcraft to collect   statistics about how many and of what   type of web server are live on the   Internet  To support the author and   statistics for Nginx we recommend   keeping this string as is  But  for   security you may not want people to   know what you are running and you can   change this in the source code  Edit   the source file   src http ngx http header filter module c   at look at lines 48 and 49  You can   change the String to anything you   want       vi src http ngx http header filter module c  lines 48 and 49  static char ngx http server string      Server  MyDomain com  CRLF  static char ngx http server full string      Server  MyDomain com  CRLF    March 2011 edit  Props to Flavius below for pointing out a new option  replacing Nginx s standard HttpHeadersModule with the forked HttpHeadersMoreModule  Recompiling the standard module is still the quick fix  and makes sense if you want to use the standard module and won t be changing the server string often  But if you want more than that  the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers

User · Answer

Are you asking about the Server header value in the response  You can try changing that with an add header directive  but I m not sure if it ll work  http   wiki codemongers com NginxHttpHeadersModule

User · Answer

It   s very simple  Add these lines to server section   server tokens off  more set headers  Server  My Very Own Server

User · Answer

There is a special module  http   wiki nginx org NginxHttpHeadersMoreModule     This module allows you to add  set  or clear any output or input header that you specify       This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing  builtin headers  like Content-Type  Content-Length  and Server       It also allows you to specify an optional HTTP status code criteria using the -s option and an optional content type criteria using the -t option while modifying the output headers with the more set headers and more clear headers directives

User · Answer

If you are using nginx to proxy a back-end application and want the back-end to advertise its own Server  header without nginx overwriting it  then you can go inside of your server       stanza and set   proxy pass header Server    That will convince nginx to leave that header alone and not rewrite the value set by the back-end

User · Answer

If you re okay with just changing the header to another string five letters or fewer  you can simply patch the binary   sed -i  s nginx r thing r    which nginx    Which  as a solution  has a few notable advantages  Namely  that you can allow your nginx versioning to be handled by the package manager  so  no compiling from source  even if nginx-extras isn t available for your distro  and you don t need to worry about any of the additional code of something like nginx-extras being vulnerable   Of course  you ll also want to set the option server tokens off  to hide the version number  or patch that format string as well   I say  five letters or fewer  because of course you can always replace      nginx r 0   with     bob r 0 r 0   leaving the last two bytes unchanged   If you actually want more than five characters  you ll want to leave server tokens on  and replace the  slightly longer  format string  although again there s an upper limit on that length imposed by the length of the format string - 1  for the carriage return       If none of the above makes sense to you  or you ve never patched a binary before  you may want to stay away from this approach  though

User · Answer

Like Apache  this is a quick edit to the source and recompile  From Calomel org      The Server  string is the header which   is sent back to the client to tell   them what type of http server you are   running and possibly what version    This string is used by places like   Alexia and Netcraft to collect   statistics about how many and of what   type of web server are live on the   Internet  To support the author and   statistics for Nginx we recommend   keeping this string as is  But  for   security you may not want people to   know what you are running and you can   change this in the source code  Edit   the source file   src http ngx http header filter module c   at look at lines 48 and 49  You can   change the String to anything you   want       vi src http ngx http header filter module c  lines 48 and 49  static char ngx http server string      Server  MyDomain com  CRLF  static char ngx http server full string      Server  MyDomain com  CRLF    March 2011 edit  Props to Flavius below for pointing out a new option  replacing Nginx s standard HttpHeadersModule with the forked HttpHeadersMoreModule  Recompiling the standard module is still the quick fix  and makes sense if you want to use the standard module and won t be changing the server string often  But if you want more than that  the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers

User · Answer

It   s very simple  Add these lines to server section   server tokens off  more set headers  Server  My Very Own Server

User · Answer

If you re okay with just changing the header to another string five letters or fewer  you can simply patch the binary   sed -i  s nginx r thing r    which nginx    Which  as a solution  has a few notable advantages  Namely  that you can allow your nginx versioning to be handled by the package manager  so  no compiling from source  even if nginx-extras isn t available for your distro  and you don t need to worry about any of the additional code of something like nginx-extras being vulnerable   Of course  you ll also want to set the option server tokens off  to hide the version number  or patch that format string as well   I say  five letters or fewer  because of course you can always replace      nginx r 0   with     bob r 0 r 0   leaving the last two bytes unchanged   If you actually want more than five characters  you ll want to leave server tokens on  and replace the  slightly longer  format string  although again there s an upper limit on that length imposed by the length of the format string - 1  for the carriage return       If none of the above makes sense to you  or you ve never patched a binary before  you may want to stay away from this approach  though

User · Answer

After I read Parthian Shot s answer  I dig into  usr sbin nginx binary file  Then I found out that the file contains these three lines    Server  nginx 1 12 2 Server  nginx 1 12 2 Server  nginx   Basically first two of them are meant for server tokens on  directive  Server version included   Then I change the search criteria to match those lines within the binary file   sed -i  s Server  nginx Server  thing    which nginx    After I dig farther I found out that the error message produced by nginx is also included in this file    lt hr gt  lt center gt nginx lt  center gt    There are three of them  one without the version  two of them included the version  So I run the following command to replace nginx string within the error message   sed -i  s center gt nginx center gt thing    which nginx

User · Answer

Simple  edit  etc nginx nginx conf and remove comment from   server tokens off    Search for http section

User · Answer

The only way is to modify the file src http ngx http header filter module c   I changed nginx on line 48 to a different string   What you can do in the nginx config file is to set server tokens to off  This will prevent nginx from printing the version number   To check things out  try curl -I http   vurbu com    grep Server  It should return  Server  Hai

User · Answer

Nginx-extra package is deprecated now   The following therefore did now work for me as i tried installing various packages more set headers  Server  My Very Own Server    You can just do the following and no server or version information will be sent back      server tokens       if you just want to remove the version number this works     server tokens off

User · Answer

If you are using nginx to proxy a back-end application and want the back-end to advertise its own Server  header without nginx overwriting it  then you can go inside of your server       stanza and set   proxy pass header Server    That will convince nginx to leave that header alone and not rewrite the value set by the back-end

User · Answer

Simple  edit  etc nginx nginx conf and remove comment from   server tokens off    Search for http section

User · Answer

According to nginx documentation it supports custom values or even the exclusion:

Syntax: server_tokens on | off | build | string;

but sadly only with a commercial subscription:

Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.

[nginx] How do you change the server header returned by nginx?

Examples related to nginx

Examples related to http-headers