Saturday, September 28, 2013

nginx - Hide the identity and version of nginx

Whenever a user access a restricted page without a appropriate privilege, nginx server will redirect her to an error page:



It will show its identity and version (nginx ). For the security's sake I want to hide those information and show my custom page instead of that default page.

So, do the following:

1. Hide the nginx version: open the /etc/nginx/nginx.conf, edit the line:

erver_tokens off; 

save and exit.

2. Direct those 40x error to my custom page in /usr/share/nginx/www/40x.html: in the site's configuration (/etc/nginx/site-available/default):

        error_page 401 402 403 404 /40x.html;                                                                                                                                    
        location = /40x.html {                                                                                                                                                   
                root /usr/share/nginx/www;
        }

Create a custom page in /usr/share/nginx/www/40x.html

3. Restart nginx:

sudo service nginx restart