How do I check server tokens are off?
Solution 1:
From the manual you know what the setting does:
Syntax: server_tokens on | off;
Default: server_tokens on;
Context: http, server, location

Enables or disables emitting nginx version in error messages and in the “Server” response header field.
So your options are:
- generate an error message, for instance if you don't have a custom 404 error message simply request a non-existing page and in the footer you won't see the version information nginx/1.2.3 any more.
- inspect the server headers and confirm that the version is no longer displayed.
A simple check to see the HTTP response headers is to manually connect i.e. with:
telnet www.example.com 80
where the client lines are what you enter:
client: HEAD / HTTP/1.1
client: Host: www.example.com
server: HTTP/1.1 200 OK
server: Date: Wed, 1 Jan 1970 22:13:05 GMT
server: Server: Nginx/1.2.3
server: Connection: close
server: Content-Type: text/html
Solution 2:
After a bit more googling, I have found that the curl command can check the server headers, which show both server tokens and PHP versions:
curl -I -L www.example.com
Thanks to Alexey for pointing out the change needed in PHP.
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 04 Jun 2015 10:49:35 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.example.com
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 04 Jun 2015 10:49:36 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 04 Jun 2015 10:49:35 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1433414975"
Content-Language: en
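Added example (not part of the original answers): a shell function that reads the header output of the `curl -I -L` command above and reports every redirect hop whose Server header still carries a version number. Checking `X-Powered-By` for the PHP version is an assumption, as are the function names and the constructed sample responses.

```shell
#!/usr/bin/env bash
# Reads raw response headers on stdin. curl -I -L prints one header block
# per redirect hop, so every hop is checked, not only the final response.
# Prints one line per finding and returns 1 if any version is disclosed.
check_banner() {
  awk '
    BEGIN { hop = 0; bad = 0 }
    { sub(/\r$/, "") }                # header lines end in CRLF
    /^HTTP\// { hop++; next }         # status line starts a new hop
    {
      name = tolower($0); sub(/:.*/, "", name)
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      # Header names are case-insensitive. x-powered-by is an assumed
      # second place where a PHP version can show up.
      if ((name == "server" || name == "x-powered-by") &&
          value ~ /[0-9]+\.[0-9]+/) {
        printf "hop %d: %s discloses a version: %s\n", hop, name, value
        bad = 1
      }
    }
    END { exit bad }
  '
}

# Constructed sample: the redirect hop is clean, the final hop is not.
sample_leaky() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
  printf 'Location: https://www.example.com\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.2.3\r\n'
  printf 'X-Powered-By: PHP/5.0.0\r\n\r\n'
}

# Constructed sample: server_tokens off, no version anywhere.
sample_clean() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n'
  printf 'Content-Type: text/html\r\n\r\n'
}

# Offline demo on the constructed samples.
for s in sample_leaky sample_clean; do
  if "$s" | check_banner; then
    echo "$s: no version disclosed"
  else
    echo "$s: version disclosed"
  fi
done
```

Against a live site, pipe the real headers in: `curl -sI -L www.example.com | check_banner`.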
Solution 3:
Also, if you serve PHP projects, you may need to change this in /etc/nginx/{fastcgi,fastcgi_params}.conf:
fastcgi_param SERVER_SOFTWARE nginx;