Opened 5 years ago

Closed 5 years ago

#300 closed change (fixed)

Don't expose nginx version number in headers

Reported by: trev Assignee: trev
Priority: P3 Milestone:
Module: Infrastructure Keywords:
Cc: Blocked By:
Blocking: Platform:
Ready: yes Confidential: no
Tester: Verified working: no
Review URL(s):

http://codereview.adblockplus.org/6239349607759872

Description

Background

Currently the Server HTTP header contains the full nginx version number, this is considered not ideal security-wise.

What to change

Add server_tokens directive to nginx configuration.

Change History (4)

comment:1 Changed 5 years ago by trev

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:2 Changed 5 years ago by trev

  • Owner set to trev
  • Status changed from reviewing to assigned

comment:3 Changed 5 years ago by trev

  • Status changed from assigned to reviewing

comment:4 Changed 5 years ago by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.