Hello! On Tue, Jan 12, 2021 at 04:10:03AM -0500, sanjay9999 wrote:
> Hi, > I am using mixed case letters in request methods. nginx finalized http > request to 400 becuase as per the standard Request Method is case sensitive. > However it shows html response with last line showing "nginx". > > Our security team says "you should not disclose web server details in the > response for a request" > We have implemented solution to hide server name and version. > > However, in this case control does not reach any of out server/location > block . so that I can override the 400 errror. Consider reading these tickets: https://trac.nginx.org/nginx/ticket/936 https://trac.nginx.org/nginx/ticket/1644 In particular, consider showing this Wikipedia article to your "security team": https://en.wikipedia.org/wiki/Security_through_obscurity If you really want to hide "nginx" regardless of what's written in the above links, you can do so using the server_tokens directive (http://nginx.org/r/server_tokens): server_tokens ""; This only works in the commercial version though. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
