Attackers can exploit your web app more easily if they know the version of the server you are running, because the exact version can be matched against publicly known vulnerabilities. Most web servers, like nginx, transmit this data by default😳. Let's run the following command in any terminal to get your domain's server info.
curl --head yourdomain.com
My result looks like so:
HTTP/1.1 301 Moved Permanently
Server: nginx/<SERVER_VERSION>(<OPERATING_SYSTEM>)
Date: Thu, 03 Mar 2022 13:46:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://jast-tech.com/
You might be using Apache, no worries, I gat you😌
Our simple task now is to hide the <SERVER_VERSION>
1. FOR NGINX
edit the nginx configuration file
nano /etc/nginx/nginx.conf
Under the #HTTP Options line and before the ## line, add the following
server_tokens off;
save changes with ctrl + x
and we are done😜
restart your server with sudo systemctl restart nginx
and you can run curl --head yourdomain.com
again to check that the Server header no longer shows your server version.
2. FOR APACHE
edit the apache configuration file (its location varies by distribution)
nano /etc/httpd/httpd.conf
and set
ServerTokens Prod
ServerSignature Off
Now one more step: the server-status page also exposes details about the server, so look for
<Location "/server-status">
SetHandler server-status
</Location>
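and change it to
<Location "/server-status">
SetHandler server-status
# Deny all access to the status page (Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied")
Order deny,allow
Deny from all
</Location>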
😛We are done, just restart your server with sudo service apache2 restart
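To confirm either fix from a script, the check below (an added example, not part of the original post) reads curl --head output and flags any Server header that still carries a version number or OS comment. The function names and the sample headers, including the version strings, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit response headers for Server version disclosure.
# Live use (follows redirects, so every hop is checked):
#   curl -sIL yourdomain.com | audit_server_headers

# Reads raw response headers on stdin; returns 1 if any Server header
# still carries a version ("product/1.2") or an OS comment ("(Ubuntu)").
audit_server_headers() {
    tr -d '\r' | awk '
        tolower($0) ~ /^server:/ {
            seen = 1
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)      # keep only the header value
            if (value ~ /\/[0-9]/ || value ~ /\(/) {
                print "DISCLOSED  " value
                bad = 1
            } else {
                print "ok         " value
            }
        }
        END {
            if (!seen) print "ok         (no Server header)"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: default nginx answering a redirect, then the page.
sample_before() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.18.0 (Ubuntu)\r\n'
    printf 'Location: https://example.com/\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\n\r\n'
}

# Constructed sample: the same exchange after "server_tokens off;".
sample_after() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Location: https://example.com/\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'
}

sample_before | audit_server_headers || echo "-> version still exposed"
sample_after  | audit_server_headers && echo "-> clean"
```

Following redirects matters here because the HTTP and HTTPS virtual hosts can be answered by different configurations, and each hop prints its own Server header.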
Enjoy. 👋🏿