Tag Archives: http

Disable Nginx Version Number in HTTP Headers

security

By default, Nginx sends the version number in the HTTP response. Hackers can use this information to try and exploit any known vulnerabilities in Nginx, especially if you are running a version with known vulnerabilities. Security wise, it’s a good practice to not reveal versions numbers of the HTTP server.

Decode HTTP Basic Access Authentication

HTTP Basic Access Authentication is a simple challenge and response mechanism to enforce access controls to web resources. It does not require overheads like cookies, session identifiers, login pages, etc. Since this method is on the weak end of the security strength spectrum, it is seldom implemented except on home Wi-Fi routers.