πŸ” Securing & Customizing Nginx Server Headers

🚀 Hide the Nginx Version Number

✨ Steps:

  1. Open the Nginx configuration file:
    sudo vi /etc/nginx/nginx.conf
  2. Inside the http block, add the following line:
    server_tokens off;
  3. Restart Nginx to apply changes:
    sudo systemctl restart nginx

🎭 Hide or Change the Server Name

✨ Steps:

  1. Install the required package (nginx-extras includes the headers-more module, which provides more_set_headers):
    sudo apt-get install nginx-extras
  2. Open your Nginx site configuration file:
    sudo vi /etc/nginx/sites-available/your-site.conf
  3. Inside the server block, add this line:
    more_set_headers 'Server: abc';
  4. Restart Nginx:
    sudo systemctl restart nginx

πŸ” Verify the Changes​

Run the following command to check the server headers:

curl -I http://3.108.252.119/

Example Output:

HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 06:27:18 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 11 Dec 2024 06:07:32 GMT
Connection: keep-alive
ETag: "67592c24-267"
Server: abc
Accept-Ranges: bytes
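
The check above can be scripted. This is an added example, not part of the original page: a shell function that reads `curl -I` output and reports whether the Server header still exposes the nginx version. The function name, the sample responses and the host name in the last comment are constructed for illustration.

```shell
#!/bin/sh
# Classify the Server header in HTTP response headers read from stdin.
# Prints one of: absent | version-leak | default-name | custom
classify_server_header() {
    # Header names are case-insensitive and lines end in CRLF: normalise both,
    # then keep only the value of the first Server header.
    value=$(tr -d '\r' | awk '
        !seen && tolower($0) ~ /^server:/ {
            seen = 1
            sub(/^[^:]*:[ \t]*/, "")   # drop the header name
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            print
        }')
    case "$value" in
        "")           echo absent ;;        # no Server header in the response
        nginx/[0-9]*) echo version-leak ;;  # server_tokens is still on
        nginx)        echo default-name ;;  # server_tokens off, name unchanged
        *)            echo custom ;;        # replaced, e.g. by more_set_headers
    esac
}

# Constructed sample responses (not captured from a real server).
before='HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n'
tokens_off='HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
renamed='HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nserver: abc\r\n\r\n'

for sample in "$before" "$tokens_off" "$renamed"; do
    printf '%b' "$sample" | classify_server_header
done

# Against a live host (placeholder name):
#   curl -sI http://your-server/ | classify_server_header
```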

πŸ” Restrict Access to Specific IPs​

✨ Steps:​

  1. Open the site configuration file:
    sudo vi /etc/nginx/sites-available/default
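  2. Add the following lines inside the server block. Rules are checked in order and the first match wins, so deny all comes last (203.0.113.135 is a documentation-range placeholder; use your own addresses):
    allow 59.163.196.138;
    allow 203.0.113.135;
    deny all;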
  3. Restart Nginx:
    sudo systemctl restart nginx

🚫 Block a Specific IP

✨ Steps:

  1. Open the configuration file:
    sudo vi /etc/nginx/sites-available/default
  2. Add the following lines inside the server block (198.51.100.22 is a documentation-range placeholder; use the address you want to block):
    deny 198.51.100.22;
    allow all;
  3. Restart Nginx:
    sudo systemctl restart nginx

🔑 Password Protect Your Website

✨ Steps:

  1. Install the apache2-utils package:
    sudo apt-get install apache2-utils
  2. Create a password file for authentication:
    sudo htpasswd -c /etc/nginx/.htpasswd yourusername
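    (This will prompt you to set a password for yourusername. The -c flag creates the file and overwrites an existing one, so omit it when adding more users.)
  3. Open your site's configuration file:
    sudo vi /etc/nginx/sites-available/website-url.conf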
  4. Add the following lines inside the server block:
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
  5. Restart Nginx:
    sudo systemctl restart nginx

If you cannot change in the www-
    fastcgi_param PHP_ADMIN_VALUE "open_basedir=/var/www/html/screening-round/backend/:/usr/lib/php/:/tmp/";

🎉 Now your Nginx server is more secure and customized! 🚀