A server signature is a source of footprinting data: the version numbers of web server components such as Nginx and PHP, which attackers can collect using simple Linux commands, tools, or a web browser. Hiding the server signature means removing this information from the server's responses to help secure the web server against external attacks.

Step-1 : Check the Nginx version

First, verify whether the server is showing the Nginx version with the following command:

# curl -I http://www.techbrown.com

Sample Output

HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Fri, 5 Jun 2015 11:38:47 CDT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.23
Set-Cookie: CACHED_FRONT_FORM_KEY=bCunlLxt1Sw1qHfw; path=/

Step-2 : Edit the Nginx Configuration File

Open nginx.conf:

# vi /etc/nginx/nginx.conf

Add the parameter below and save the file:

server_tokens off;

For example:

user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    ' $status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    # Hide the Nginx version number in the Server header
    server_tokens off;
    gzip on;
    gzip_static on;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;
    gzip_vary on;
    ## Detect when HTTPS is used
    map $scheme $fastcgi_https {
        default off;
        https on;
    }
    include /etc/nginx/conf.d/*.conf;
}

Step-3 : Edit the PHP configuration file

Then open the php.ini file and set expose_php = Off:

# vi /etc/php.ini
expose_php = Off

Note: the O must be capital.

Step-4 : Check and verify the Nginx and PHP-FPM services

Reload the Nginx and PHP-FPM services, then check again:

# curl -I http://www.techbrown.com

The response should now hide the version and server signature, as shown:

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 5 Jun 2015 11:56:03 CDT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: CACHED_FRONT_FORM_KEY=NX3yUkgwxgJwQRLR; path=/
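
The manual check from Step-1 and Step-4 can be scripted so it can run after every configuration change. The following is an added example, not part of the original article: find_version_leaks, sample_before and sample_after are hypothetical names, and the sample headers are taken from the two curl outputs above.

```shell
#!/bin/sh
# Added example (not from the original article). find_version_leaks is a
# hypothetical helper name. It reads raw response headers on stdin, e.g.
#   curl -sI http://www.techbrown.com | find_version_leaks
# and prints one line per header that still discloses software details.
# Exit status: 0 = nothing disclosed, 1 = at least one leak.
find_version_leaks() {
    awk '
        { sub(/\r$/, "") }               # curl -I output has CRLF line endings
        {
            colon = index($0, ":")
            if (colon == 0) next         # status line or blank separator
            name = tolower(substr($0, 1, colon - 1))   # names are case-insensitive
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
        }
        # With expose_php = Off this header should be absent entirely
        name == "x-powered-by" { print "LEAK " name ": " value; leaks++; next }
        # A bare product name such as "nginx" is expected; digits mean a version
        name == "server" && value ~ /[0-9]/ { print "LEAK " name ": " value; leaks++ }
        END { exit (leaks > 0) }
    '
}

# Sample headers taken from the Step-1 output (before the change)
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.4.4\r\n'
    printf 'Content-Type: text/html; charset=UTF-8\r\n'
    printf 'X-Powered-By: PHP/5.4.23\r\n\r\n'
}

# Sample headers taken from the Step-4 output (after the change)
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n'
    printf 'Content-Type: text/html; charset=UTF-8\r\n\r\n'
}

sample_before | find_version_leaks || echo "before: still disclosing versions"
sample_after | find_version_leaks && echo "after: no version information found"
```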

Congratulations, you have now hidden the Nginx server signature and PHP version on Ubuntu and CentOS.
