I am not sure if this is the right sub, but yesterday I was having some issues with login with my user and was getting 403 error if I am not wrong and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world see this message, maybe they can change the NGINX config and hide the version flag by setting “server_tokens off;”.

    • half@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      1 year ago

      My pet theory is that NGINX was designed by a pen-tester who realized that all they needed to do to make the majority of SMBs expose their web servers to the internet was outperform Apache