Cheat Sheets

Security - nginx ServerTokens

Description

A production nginx web server should not reveal details about itself in the 'Server:' response header.

Check Script: security-nginx-server-tokens.sh

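# result_failed is not defined here; it must be provided by the framework that runs this check.
for dir in /etc/nginx /usr/local/nginx/conf; do
	if [ -d "$dir" ]; then
		# grep -R follows symlinks (entries in sites-enabled are usually symlinks);
		# the leading anchor keeps commented-out directives from counting as set.
		if ! grep -Rq "^[[:space:]]*server_tokens[[:space:]][[:space:]]*off" "$dir"/*-enabled "$dir/conf.d" 2>/dev/null; then
			result_failed "server_tokens is not set to 'off'"
		fi
	fi
done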
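
A stricter variant of the check above, as an added example that is not part of the cheat sheet's own script: it also reads nginx.conf, ignores commented-out directives, and fails when any active directive sets a value other than off. The function name check_server_tokens, its return codes and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the cheat sheet's script; check_server_tokens is a
# hypothetical helper name.
# Returns 0: at least one active "server_tokens off;" and no other active value
#         1: directive missing, only commented out, or set to another value
#         2: DIR is not a directory
check_server_tokens() {
	confdir=$1
	[ -d "$confdir" ] || return 2
	# grep -R follows symlinks (sites-enabled/* usually are symlinks),
	# sed drops comments, grep -o extracts each remaining directive.
	directives=$(grep -RhE 'server_tokens' "$confdir/nginx.conf" \
			"$confdir"/*-enabled "$confdir/conf.d" 2>/dev/null |
		sed 's/#.*//' |
		grep -oE 'server_tokens[[:space:]]+[^;[:space:]]+[[:space:]]*;') || true
	# Nothing active: nginx falls back to its default, "on".
	[ -n "$directives" ] || return 1
	# Any active value other than "off" fails the check.
	if printf '%s\n' "$directives" | grep -qvE '[[:space:]]off[[:space:]]*;'; then
		return 1
	fi
	return 0
}

# Constructed sample tree: the directive is only commented out in nginx.conf,
# and the active one sits in a vhost file reached through a symlink.
demo() {
	d=$(mktemp -d)
	mkdir -p "$d/sites-available" "$d/sites-enabled" "$d/conf.d"
	printf 'http {\n\t# server_tokens off;\n}\n' > "$d/nginx.conf"
	printf 'server { listen 80; server_tokens off; }\n' > "$d/sites-available/default"
	ln -s ../sites-available/default "$d/sites-enabled/default"
	if check_server_tokens "$d"; then echo "pass"; else echo "fail"; fi
	rm -rf "$d"
}
demo
```

The result describes the files only: it cannot tell whether the directive sits in the http block or in a single server block, which the full configuration dumped by `nginx -T` shows.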