Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue: server_tokens directive is enabled by default on new installs #6158

Closed
Piccirello opened this issue Sep 13, 2020 · 1 comment · Fixed by #6190
Closed

Security issue: server_tokens directive is enabled by default on new installs #6158

Piccirello opened this issue Sep 13, 2020 · 1 comment · Fixed by #6190
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@Piccirello
Copy link

In the ingress-nginx hardening guide, section 2.5.1 notes that "server_tokens is configured to off by default." Despite this, after testing a new install of ingress-nginx-controller v0.35.0, server-tokens appears to be enabled. Further, the ingress-nginx user guide notes that this default-enabled behavior is expected, which contradicts the hardening guide.

/kind bug
@Piccirello Piccirello added the kind/bug Categorizes issue or PR as related to a bug. label Sep 13, 2020
@Piccirello Piccirello changed the title server_tokens directive is enabled by default on new installs Security issue: server_tokens directive is enabled by default on new installs Sep 15, 2020
@aledbf aledbf mentioned this issue Sep 17, 2020
Merged
8 tasks
@Piccirello
Copy link
Author

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Change server-tokens default value to false aledbf/ingress-nginx
1 participant
@Piccirello