Disabling server tokens in Nginx

26 January 2025

Introduction to the server_tokens directive in Nginx


The server_tokens directive in Nginx gives us greater control over what the server reveals about itself in HTTP responses. It determines whether Nginx includes its version number in the Server response header and on its built-in error pages. By default this information includes the version of Nginx and, in some builds, the type of platform running on the server. This information can help attackers identify specific weaknesses in the server.


Disabling this information increases the security of the website by preventing attackers from easily obtaining information about the technology used and the versions of the server software. It is a hardening step that reduces what an attacker can learn, not a replacement for keeping Nginx up to date. Here, we will look at how to hide these fields.


Contrary to common belief, hiding this information takes only a single setting in the Nginx configuration file. Below is a sample configuration, followed by an explanation of each line.


Now let’s look at the relevant configuration for this setting and see how the task is performed.


server {
    listen 80;
    server_name example.com;

    # Disable server tokens
    server_tokens off;

    location / {
        root html;
        index index.html index.htm;
    }
}

Code explanation


The sample configuration above is explained line by line below:




server {

This line defines the beginning of a server block that contains specific configurations for a domain or a specified IP address.




listen 80;

This line tells Nginx to listen for incoming traffic on port 80 (the standard HTTP port).




server_name example.com;

This line specifies the server name, in this case example.com. Nginx uses this name to decide which requests this server block handles, based on the domain they were sent to.




server_tokens off;

With this line, Nginx stops including its version number in the Server response header and on its built-in error pages. The Server header is still sent, but it contains only the name nginx.




location / {

This line defines a location block, which specifies the configuration that applies to certain paths on the site. Here, the path / matches every request path.




root html;

This line tells Nginx that the root directory for the website files is the directory named html.




index index.html index.htm;

This line tells Nginx which file to serve as the main (index) file for a directory, in this case either index.html or index.htm.




}

Finally, each closing brace ends a block: the first closes the location block and the second closes the server block.
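
To confirm the setting took effect, check both the Server header and the footer of Nginx's built-in error pages. The script below is an added example, not part of the original article; the function name nginx_version_leaks, the sample_404 helper and the version 1.2.3 in the sample responses are constructed for illustration.

```shell
# Added example: find nginx version disclosure in a raw HTTP response
# (status line, headers, blank line, body) read from stdin.
# Live use: curl -si http://example.com/ | nginx_version_leaks

# Prints one line per finding; returns 0 if a version is disclosed, else 1.
nginx_version_leaks() {
    resp=$(tr -d '\r')      # normalise CRLF line endings
    found=1
    # Header section: everything up to the first empty line.
    server=$(printf '%s\n' "$resp" | sed -n '1,/^$/p' | grep -i '^server:' | head -n 1)
    if printf '%s\n' "$server" | grep -Eiq 'nginx/[0-9]+(\.[0-9]+)+'; then
        echo "header: $server"
        found=0
    fi
    # Body: built-in error pages repeat the token in a <center> footer.
    footer=$(printf '%s\n' "$resp" | sed '1,/^$/d' |
        grep -Eio '<center>nginx/[0-9.]+[^<]*</center>' | head -n 1)
    if [ -n "$footer" ]; then
        echo "error page: $footer"
        found=0
    fi
    return "$found"
}

# Constructed sample: nginx's built-in 404 page carrying server token $1.
sample_404() {
    cat <<EOF
HTTP/1.1 404 Not Found
Server: $1
Content-Type: text/html

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>$1</center>
</body>
</html>
EOF
}

# 1.2.3 is a placeholder version, not a real release.
for token in "nginx/1.2.3" "nginx"; do
    if sample_404 "$token" | nginx_version_leaks; then
        echo "=> '$token': version disclosed"
    else
        echo "=> '$token': no version disclosed"
    fi
done
```

Request a page that does not exist as well as a normal one, since the error-page footer only appears on responses Nginx generates itself.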


FAQ

Why should I disable server_tokens?

How can I disable server_tokens?

Does disabling server_tokens affect server performance?

Do I need to restart the server after making changes?