Customize the Nginx HTTP header

Changing the HTTP header in nginx requires recompiling it from source. It is quite easy.

First, download the latest version of nginx (1.0.2 at the time of writing):

>wget http://nginx.org/download/nginx-1.0.2.tar.gz

>tar xvzf nginx-1.0.2.tar.gz

>cd nginx-1.0.2

Changing the server string

The HTTP header is in a file called ngx_http_header_filter_module.c:

>vi src/http/ngx_http_header_filter_module.c

Edit the following line:

static char ngx_http_server_string[] = "Server: nginx" CRLF;

… and change the nginx in ‘Server: nginx’ to whatever you want:

static char ngx_http_server_string[] = "Server: VietHiP" CRLF;

Next, edit src/core/nginx.h:

>vi src/core/nginx.h

Edit the following line:

#define NGINX_VER         "nginx/"  NGINX_VERSION

… and change the server string to whatever you want:

#define NGINX_VER         "VietHip/"   NGINX_VERSION

Changing the version number

You might also want to change the version number to confuse attackers, or just for fun :D Edit src/core/nginx.h:

>vi src/core/nginx.h

Edit the following line:

#define NGINX_VERSION    "1.0.2"

… and change the version to whatever you want:

#define NGINX_VERSION   "0.0.7"

You can stop nginx from displaying the version entirely if you want, by including the server_tokens directive in your nginx.conf:

server_tokens off;
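
The three source edits above can also be scripted with sed, which makes them easy to re-apply to a fresh source tree. This is an added example, not part of the original post; patch_nginx_banner is a hypothetical helper name, and the script assumes the three lines look exactly as quoted above.

```sh
#!/bin/sh
# Added example (not from the original post): apply the tutorial's three
# source edits with sed instead of vi. patch_nginx_banner is a hypothetical
# helper; it assumes the lines look as quoted above.
# Usage: sh patch_banner.sh ./nginx-1.0.2 VietHip 0.0.7
patch_nginx_banner() {
    src=$1; name=$2; ver=$3
    filter="$src/src/http/ngx_http_header_filter_module.c"
    header="$src/src/core/nginx.h"

    # Reject values that would break the C string literal or the sed script.
    for v in "$name" "$ver"; do
        case $v in
            ''|*[!A-Za-z0-9._-]*)
                echo "use only A-Z a-z 0-9 . _ - in name and version" >&2
                return 2 ;;
        esac
    done
    if [ ! -f "$filter" ] || [ ! -f "$header" ]; then
        echo "not an nginx source tree: $src" >&2
        return 2
    fi

    # Keep pristine copies so the change can be diffed or reverted.
    [ -f "$filter.orig" ] || cp "$filter" "$filter.orig"
    [ -f "$header.orig" ] || cp "$header" "$header.orig"

    sed "s|^\(static char ngx_http_server_string\[] = \"Server: \)[^\"]*\"|\1$name\"|" \
        "$filter.orig" > "$filter"
    sed -e "s|^\(#define NGINX_VERSION[[:space:]]*\)\"[^\"]*\"|\1\"$ver\"|" \
        -e "s|^\(#define NGINX_VER[[:space:]]*\)\"[^\"]*/\"|\1\"$name/\"|" \
        "$header.orig" > "$header"

    # Fail loudly if a pattern did not match, e.g. on a release whose lines differ.
    grep -q "\"Server: $name\" CRLF;" "$filter" &&
    grep -q "^#define NGINX_VERSION[[:space:]]*\"$ver\"" "$header" &&
    grep -q "^#define NGINX_VER[[:space:]]*\"$name/\"" "$header" ||
        { echo "patch did not apply cleanly" >&2; return 1; }
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then patch_nginx_banner "$@"; fi
```

The untouched files are kept next to the patched ones with an .orig suffix, so diff shows exactly what went into the build.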

Compiling

You can set the prefix as appropriate – I keep it in /opt/ on Ubuntu

>./configure --prefix=/opt/nginx-1.0.2 --with-http_ssl_module

>make

>sudo make install

After this, use .bashrc or similar to add /opt/nginx-1.0.2/sbin to your path, then you can start your new nginx install using:

>sudo nginx

To stop it, use ‘-s’ to send the stop signal:

>sudo nginx -s stop

Results

If you check the response headers, you should see your custom server string:

Server: VietHip/0.0.7, VietHip

Date: Sun, 22 May 2011 00:30:22 GMT

Good luck!
