Do not report the nginx version.
Under the # HTTP Options, we need to add:
server_tokens off;
Do not report the nginx version.
Under the # HTTP Options, we need to add:
server_tokens off;
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | FEATURE REQUEST | None | T6733 Do not report software versions root task | ||
In progress | FEATURE REQUEST | mwheeler | T6734 Nginx - disable software version reporting |
I wonder if we should not always disable this. I see no reason in exposing this information.
Usually I'm not a fan of changing default behavior, but I agree that there probably isn't much value in knowing the server version with how vyos manages the nginx config as a black box.
Is that the direction you'd like to go?
Canceling PR 4273 because it has several commits that go in the wrong direction. Will submit a new PR with a different approach.