Three Ways To change server header in Nginx or OpenResty

The Problem

Hiding server header is important to hide a potential bot which is targeting a vulnerability found in the server you are running.


1 Obvious way!

Obvious way is Nginx/OpenResty honors the server signature sent by the proxy.

proxy_pass_header Server;

2 Using lua (In case of OpenResty)

  location / {
    content_by_lua_block {
            ngx.header['server'] = 'WoWSome'
    access_by_lua_block {
        ngx.header['server'] = 'WoWSome'
    try_files $uri @app;

3 Probably the worst way of all.

You can use headers-more-nginx-module but for that you will need to compile it.

Once it is done you can simply use more_set_headers

	more_set_headers 'Server: WoWSome';

Worth Sharing?


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>