Skip to content

Disable server tokens #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 24, 2021
Merged

Disable server tokens #83

merged 2 commits into from
Oct 24, 2021

Conversation

@RealOrangeOne
Copy link
Contributor

@RealOrangeOne RealOrangeOne commented Sep 21, 2021
edited
Loading

Description:

Disable nginx's server tokens (the version in the Server header)

Benefits of this PR and context:

This avoids unnecessary information exposure.

Hiding the Server header altogether on nginx is notoriously difficult, but at least hiding the version hides some information which can be very useful in a security context.

How Has This Been Tested?

Manually making the change and testing that the nginx version goes.

Source / References:

https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens

@RealOrangeOne
Disable server tokens
fb2854c 
This avoids unnecessary information exposure.

Hiding the `Server` header altogether on nginx is notoriously difficult, but at least hiding the version hides some information which can be very useful in a security context.
@LinuxServer-CI
Copy link
Contributor

LinuxServer-CI commented Sep 21, 2021

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/baseimage-nginx/3.14-f5fa0a63-pkg-f5fa0a63-pr-83/index.html
https://ci-tests.linuxserver.io/lspipepr/baseimage-nginx/3.14-f5fa0a63-pkg-f5fa0a63-pr-83/shellcheck-result.xml

@aptalca aptalca self-assigned this Sep 23, 2021
@github-actions
Copy link

github-actions bot commented Oct 24, 2021

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@RealOrangeOne
Copy link
Contributor Author

RealOrangeOne commented Oct 24, 2021

Definitely not stale.

@nemchik nemchik mentioned this pull request Oct 24, 2021
Merged
@LinuxServer-CI
Copy link
Contributor

LinuxServer-CI commented Oct 24, 2021

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/baseimage-nginx/3.14-38576205-pkg-38576205-pr-83/index.html
https://ci-tests.linuxserver.io/lspipepr/baseimage-nginx/3.14-38576205-pkg-38576205-pr-83/shellcheck-result.xml

@nemchik nemchik merged commit 21d9276 into linuxserver:master Oct 24, 2021
@RealOrangeOne RealOrangeOne deleted the patch-1 branch October 24, 2021 16:04
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@nemchik nemchik nemchik approved these changes

Assignees

@aptalca aptalca

Labels

no-pr-activity

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@RealOrangeOne @LinuxServer-CI @nemchik @aptalca