fix[security]: Disable nginx server signature by default (#7814)

cvat-ai · May 2, 2024 · ce5e07c · ce5e07c
1 parent 3e29537
commit ce5e07c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/changelog.d/20240429_124319_jackylamhk_patch_2.md b/changelog.d/20240429_124319_jackylamhk_patch_2.md
@@ -0,0 +1,4 @@
+### Security
+
+- Disable the nginx server signature by default to make it slightly harder for attackers to find known vulnerabilities.
+  (<https://github.com/cvat-ai/cvat/pull/7814>)
diff --git a/cvat-ui/react_nginx.conf b/cvat-ui/react_nginx.conf
@@ -1,6 +1,11 @@
 server {
     root /usr/share/nginx/html;
 
+    # Disable server signature to make it slighty harder for
+    # attackers to find known vulnerabilities. See
+    # https://datatracker.ietf.org/doc/html/rfc9110#name-server
+    server_tokens off;
+
     gzip on;
     gzip_comp_level 6;
     gzip_http_version 1.1;

diff --git a/cvat/nginx.conf b/cvat/nginx.conf
@@ -50,6 +50,11 @@ http {
 
     server_name _;
 
+    # Disable server signature to make it slighty harder for
+    # attackers to find known vulnerabilities. See
+    # https://datatracker.ietf.org/doc/html/rfc9110#name-server
+    server_tokens off;
+
     location /static/ {
       gzip on;
       gzip_comp_level 6;