How to Hide Server Signature of Nginx and PHP Version on Ubuntu 20.04 / CentOS 7

Server Signature is type of foot-printing in which the version number of web server module like Ngnix and PHP are considered as known by attackers for collection of data for foot-printing of servers by using the simple Linux commands or using some tools or some web browsers for hiding the server signature is necessary to remove the information from the sets to secure the web servers from the external attacks.

Step-1 : Check the Nginx version by typing

First verify if server is showing Nginx version or not by the command

# curl -I http://www.techbrown.com

Sample Output

HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Fri, 5 Jun 2015 11:38:47 CDT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.23
Set-Cookie: CACHED_FRONT_FORM_KEY=bCunlLxt1Sw1qHfw; path=/
P3p: CP="CAO PSA OUR"
WCN-WEB01: WCNWEB01

Step-2 : Edit the Nginx Configuration File

Goto nginx.conf

# vi /etc/nginx/nginx.conf

Add below parameter and save

Also Read WordPress Linux Server Hardening Guide

server_tokens off;

Like this

user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
' $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_static on;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_buffers 16 8k;
gzip_vary on;
## Detect when HTTPS is used
map $scheme $fastcgi_https
{
default off;
https on;
}
include /etc/nginx/conf.d/*.conf;

Step-3 : Edit the PHP configuration file to edit the settings

Then goto php.ini file and set expose_php = Off

# vi /etc/php.ini

expose_php = Off

Note: (O must be capital)

Step-4 : Check and verify the Nginx and PHP-FPM services

Reload Nginx and php-fpm services and check again

# curl -I http://www.techbrown.com

It must now hide version and server signature as shown.

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 5 Jun 2015 11:56:03 CDT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: CACHED_FRONT_FORM_KEY=NX3yUkgwxgJwQRLR; path=/
P3p: CP="CAO PSA OUR"
WCN-WEB01: WCNWEB01

Congratulations now you have hidden the Nginx server signature and PHP version on Ubuntu and CentOS.

Press ESC to close

Step-1 : Check the Nginx version by typing

Step-2 : Edit the Nginx Configuration File

Step-3 : Edit the PHP configuration file to edit the settings

Step-4 : Check and verify the Nginx and PHP-FPM services

Share Article:

How to Install Cinnamon Desktop Environment on CentOS 7 / RHEL 8

How to Format USB Pen Drive on Linux

Leave a Reply Cancel reply