2.5.2 Ensure default error and index.html pages do not reference NGINX

Information

The default error and index.html pages for NGINX reveal that the server is NGINX. These default pages should be removed or modified so they do not advertise the underlying infrastructure of the server.

Rationale:

By gathering information about the server, attackers can target attacks against its known vulnerabilities. Removing pages that disclose the server runs NGINX helps reduce targeted attacks on the server.

Solution

Edit /usr/share/nginx/html/index.html and usr/share/nginx/html/50x.html and remove any lines that reference NGINX.

See Also

https://workbench.cisecurity.org/benchmarks/17381

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-3, CSCv7|18.1

Plugin: Unix

Control ID: d7b376137eccdcf43a82109035fdf2f67bae6265c5a0733d41310a4409c4c7ee