Attackers can exploit your web app more easily if they know the version of the server you are running, and most web servers, nginx included, send this information by default😳. Let's try the following command in any terminal to get your domain's server info.
    curl --head yourdomain.com
My result looks like so:
    HTTP/1.1 301 Moved Permanently
    Server: nginx/<SERVER_VERSION>(<OPERATING_SYSTEM>)
    Date: Thu, 03 Mar 2022 13:46:14 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://jast-tech.com/
You might be using Apache; no worries, I got you😌
Our simple task now is to hide the <SERVER_VERSION>.
1. FOR NGINX
Edit the nginx configuration file:
    nano /etc/nginx/nginx.conf
Under the #HTTP Options line and before the ## line, add the following:
    server_tokens off;
Save changes with ctrl + x and we are done😜
Restart your server with
    sudo systemctl restart nginx
and try curl --head yourdomain.com again to see what the Server header now shows.
2. FOR APACHE
Edit the Apache configuration file:
    nano /etc/httpd/httpd.conf
Set these two directives:
    ServerTokens Prod
    ServerSignature Off
Now one more step. Look for
    <Location "/server-status">
        SetHandler server-status
    </Location>
and change it to
    <Location "/server-status">
        SetHandler server-status
        Order deny,allow
        Deny from all
    </Location>
😛We are done, just restart your server with
    sudo service apache2 restart
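
To confirm that either change took effect, you can pipe the headers through a small check instead of reading them by eye. This is an added example, not part of the original post; the function name `find_version_leaks` and the sample headers (with `0.0.0` and `ExampleOS` as stand-in values) are constructed for illustration.

```sh
#!/bin/sh
# Reads raw response headers (as printed by `curl --head`) on stdin and
# prints every Server header value that still carries a version or OS tag.
# Exit status: 0 = disclosure found, 1 = nothing disclosed.
find_version_leaks() {
  # Headers arrive with CRLF line endings, so strip the CR first.
  tr -d '\r' | awk '
    BEGIN { found = 0 }
    {
      # Header names are case-insensitive; compare in lower case.
      name = tolower($0); sub(/:.*/, "", name)
      if (name != "server") next
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      # "product/digits" (e.g. nginx/x.y) or a parenthesised OS tag is a leak.
      if (value ~ /\/[0-9]/ || value ~ /\(.*\)/) { print value; found = 1 }
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed sample: headers before the fix (placeholder version and OS).
sample_before() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx/0.0.0 (ExampleOS)\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: nginx with `server_tokens off;`.
sample_after_nginx() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: Apache with `ServerTokens Prod`.
sample_after_apache() {
  printf 'HTTP/1.1 200 OK\r\nserver: Apache\r\nContent-Type: text/html\r\n\r\n'
}

# Demo on the constructed samples. Against a live host, run:
#   curl --silent --head yourdomain.com | find_version_leaks
for sample in sample_before sample_after_nginx sample_after_apache; do
  if leak=$($sample | find_version_leaks); then
    echo "$sample: still disclosing -> $leak"
  else
    echo "$sample: no version in Server header"
  fi
done
```

The exit status makes it easy to drop into a deployment check so a config change that re-enables the version banner is caught right away.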
Enjoy. 👋🏿