Disable server signature on nginx with modsecurity
Solution 1
Recompiling nginx with modsecurity-nginx connector worked. Followed this link to do this: compile nginx and modsecurity with nginx-modsecurity connector and included headers_more_module while compiling nginx.
Solution 2
If you are on Ubuntu the following should work:
-
Install
nginx-extras
sudo apt-get install nginx-extras
-
Edit
/etc/nginx/nginx.conf
and in thehttp
block add:http { more_set_headers "Server: My_Custom_Server_Name"; server_tokens off; }
-
Restart nginx
sudo service nginx restart
TrickyExplorer
Updated on September 18, 2022Comments
-
TrickyExplorer almost 2 years
I have compiled modsecurity and headers_more_module with nginx(1.13.6) on my ubuntu server. When modsecurity is not enabled at the nginx configuration, I am able to hide the origin server's name in the server responses:
Server: nginx
However, when modsecurity is enabled, I am getting the header in every response. How can I disable showing the server's signature with modsecurity enabled? Is there anything that should be modified in the modsecurity configuration to achieve this?
-
TrickyExplorer about 6 yearsI am on an ubuntu server. But, nginx-extras will work only if nginx was installed using apt-get. I have manually compiled nginx. Also, I need a solution for removing the header in the presence of modsecurity rather than just nginx.
-
TrickyExplorer about 6 yearsCould you please tell me when(to tweak the modsecurity configuration during compilation) and exactly which config file to add SecServerSignature?
-
ArtOfWarfare about 3 yearsAlso worked for me on a Raspberry Pi.