Score:0

How to hide that Nginx is a reverse proxy?


Running the command `nmap -A -sS mysite.com`, it was demonstrated that the server is Nginx and that it is used as a proxy. Is it possible to hide this information?

Command output: `80/tcp open http nginx (reverse proxy)`

I am using Nginx 1.18.0. In my nginx.conf, I have the following settings (some non-security settings have been hidden; the "..." indicates that):

```nginx
load_module modules/ngx_http_headers_more_filter_module.so;

user                 www-data;
pid                  /run/nginx.pid;
worker_processes     auto;
worker_rlimit_nofile 65535;

events {
    multi_accept       on;
    worker_connections 65535;
}

http {
    ...
    more_set_headers       'Server: none';
    server_tokens          off;
    ...

    # Connection header for WebSocket reverse proxy
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    # Load configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}
```

djdomi
And what should this protect you from? nginx is by design a reverse proxy, so even if you hide the word, it would not protect you from anything.
campos
@djdomi The idea of hiding information about services comes from hardening studies. The smaller the amount of information, the more difficult it is to carry out an attack.
djdomi
Security by obscurity never worked in the past. So, next argument: why do you want to do it? ;) `server_tokens off;` may be the function you are looking for. Moreover, if you are running PHP, remember `expose_php = off`.
Score:0

Try removing the `more_set_headers` directive and run Nmap again. I noticed that Nmap detects nginx as a reverse proxy when I set the directive in my nginx.conf file but failed to detect it as such when I commented out the directive.
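
To see what the settings discussed in this thread actually change in a response, the following added example (not code from the question or the answers) audits the `Server` and `X-Powered-By` headers of a raw HTTP response. The sample responses, including the PHP version, are constructed, and the check covers headers only; it does not reproduce Nmap's service detection.

```python
import re

# Headers controlled by the settings discussed in this thread:
#   Server        -> server_tokens / more_set_headers (nginx)
#   X-Powered-By  -> expose_php (PHP)
VERSION_RE = re.compile(r"\d+(\.\d+)+")

def parse_headers(raw: bytes) -> dict:
    """Return {lowercased header name: value} from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw: bytes) -> list:
    """List what the response headers disclose about the software stack."""
    h = parse_headers(raw)
    findings = []
    server = h.get("server")
    if server is not None:
        if VERSION_RE.search(server):
            findings.append(f"Server discloses product and version: {server}")
        elif "nginx" in server.lower():
            findings.append(f"Server discloses product: {server}")
        else:
            findings.append(f"Server header present with custom value: {server}")
    powered = h.get("x-powered-by")
    if powered is not None:
        findings.append(f"X-Powered-By discloses: {powered}")
    return findings

# Constructed sample responses (not captured from a real host).
SAMPLES = {
    "defaults": b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n"
                b"X-Powered-By: PHP/7.4.3\r\n\r\n",
    "server_tokens off": b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "more_set_headers 'Server: none'": b"HTTP/1.1 200 OK\r\nServer: none\r\n\r\n",
    "no Server header": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", audit(raw) or ["nothing disclosed in these headers"])
```

Running the same audit against a response saved from your own server, before and after a configuration change, shows whether the change had the intended effect on these headers.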
