Opened on 04/10/2014 at 06:37:58 PM

Closed on 04/23/2014 at 10:32:20 AM

#300 closed change (fixed)

Don't expose nginx version number in headers

Reported by: trev Assignee: trev
Priority: P3 Milestone:
Module: Infrastructure Keywords:
Cc: Blocked By:
Blocking: Platform:
Ready: yes Confidential: no
Tester: Verified working: no
Review URL(s):

http://codereview.adblockplus.org/6239349607759872

Description

Background

Currently the Server HTTP header contains the full nginx version number, this is considered not ideal security-wise.

What to change

Add server_tokens directive to nginx configuration.

Attachments (0)

Change History (4)

comment:1 Changed on 04/14/2014 at 06:37:58 AM by trev

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:2 Changed on 04/14/2014 at 06:38:13 AM by trev

  • Owner set to trev
  • Status changed from reviewing to assigned

comment:3 Changed on 04/14/2014 at 06:38:20 AM by trev

  • Status changed from assigned to reviewing

comment:4 Changed on 04/23/2014 at 10:32:20 AM by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed

Fixed: https://hg.adblockplus.org/infrastructure/rev/78ca37941015

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from trev.
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.