<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Jay,<br>
<br>
thanks a lot. Does exactly what I wanted.<br>
Didn't check the headers module, nearly anything else but not the
headers, duh!<br>
<br>
<br>
Regards,<br>
<br>
thomas<br>
<br>
Jay Reitz schrieb:
<blockquote
cite="mid:850c32e30805121100m6a7eeaadj979371f196f88a15@mail.gmail.com"
type="cite">Use:<br>
server_tokens off;<br>
<br>
From:<br>
<a moz-do-not-send="true"
href="http://wiki.codemongers.com/NginxHttpHeadersModule">http://wiki.codemongers.com/NginxHttpHeadersModule</a><br>
<br>
I believe this setting was added in version <a moz-do-not-send="true"
href="http://0.5.34.">0.5.34.</a><br>
<br>
>j.<br>
<br>
<div class="gmail_quote">On Mon, May 12, 2008 at 10:47 AM, Thomas
Seifert <<a moz-do-not-send="true"
href="mailto:thomas-lists@mysnip.de">thomas-lists@mysnip.de</a>>
wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi
Guys,<br>
<br>
is there any directive to hide the exact server version in the header
and error pages?<br>
I don't mind showing that I'm running nginx but I don't want to give
out the exact version it is.<br>
It could give attackers additional information if the update is lacking
a version or something like that.<br>
<br>
I know, security by obscurity isn't working well but at least its a
stumbling block.<br>
<br>
<br>
Regards,<br>
<font color="#888888"><br>
thomas<br>
<br>
</font></blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>