What is ETag, and how to disable it on Nginx

Nginx is perhaps the most important web server that currently exists, thanks to the large number of configurations it supports and its very high performance. Part of these configurations govern how it handles the requests it receives. Today you will learn how to disable ETag in NGINX.

Introduction – What is ETag?

According to Mozilla:

The ETag (or entity tag) HTTP response header is an identifier for a specific version of a resource.

Now, what is ETag for? Well, it lets caches be more efficient and save bandwidth, as a web server does not need to resend a full response if the content was not changed.

However, ETag handling can be exploited by hackers to sabotage the web server. This is why it is sometimes necessary to disable it.

Yes, misuse of ETag can be a risk and a security problem. In short, many malicious apps use the ETag mechanism in reverse, i.e., instead of serving as an entity tag for a resource provided by the web application, they take advantage of it to use it as a user tracking tag.

How to disable ETag in NGINX

You can do this either globally or for individual server blocks.

If you want to do it globally, you will have to edit the Nginx config file. Remember that you need root privileges.

sudo vi /etc/nginx/nginx.conf

Inside the http section, add the etag directive and set it to off:

http {
   ...
   etag off;
   ...
}

To apply the changes, save the file and then restart the service.

sudo systemctl restart nginx

As you can see, you only have to add this directive inside http and ETag will be disabled for every website served by this Nginx instance.

Disable ETag in NGINX (For a specific site)

If you only want to disable ETag for a specific site, you don't modify the global configuration file but that site's server block configuration file.

An example is:

sudo vi /etc/nginx/sites-enabled/imaginelinux.conf

Now set the etag directive to off, but inside the server block, like this:

server {
   listen 80;
   server_name imaginelinux.com;
   etag off;
   ...
}

Save the changes and, to apply them, restart Nginx again.

sudo systemctl restart nginx

You will notice the changes immediately. If you want to revert the changes, just change off to on in the directive value.
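
To confirm which contexts actually end up with ETag off once the global and per-site settings are mixed, the following added example (not code from this article or from the Nginx project) computes the effective etag value for every block, applying inheritance from http down to server and location. It assumes the full configuration is piped in as printed by `nginx -T` and that no quoted string contains `{`, `}`, `;` or `#`; the function name and sample host names are illustrative.

```python
import re
import sys

# Constructed sample shaped like `nginx -T` output (not a real site's config).
SAMPLE = """
http {
    etag off;                        # global setting
    server {
        server_name a.example;       # no etag here: inherits from http
    }
    server {
        server_name b.example;
        etag on;                     # overrides the global setting
        location /static/ { etag off; }
    }
}
"""

def effective_etag(conf):
    """Map every block (http, server, location) to its effective etag value."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    root = {"label": "main", "etag": None, "parent": None}
    blocks, cur, words = [], root, []
    for tok in tokens:
        if tok == "{":                              # open a nested block
            cur = {"label": " ".join(words), "etag": None, "parent": cur}
            blocks.append(cur)
        elif tok == "}":                            # close it
            cur = cur["parent"] or root
        elif tok == ";" and len(words) == 2 and words[0] == "etag":
            cur["etag"] = words[1]
        elif tok == ";" and words[:1] == ["server_name"] and cur["label"] == "server":
            cur["label"] = "server " + " ".join(words[1:])
        words = [] if tok in "{};" else words + [tok]

    def chain(block):                               # block, parent, ..., main
        while block is not None:
            yield block
            block = block["parent"]

    result = {}
    for b in blocks:
        labels = [x["label"] for x in chain(b)][-2::-1]   # outermost first, "main" dropped
        result[" > ".join(labels)] = next((x["etag"] for x in chain(b) if x["etag"]), "on")
    return result                                   # "on" above is nginx's default

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ctx, value in effective_etag(text).items():
        print(f"{value:3}  {ctx}")
```

Run it as `sudo nginx -T 2>/dev/null | python3 etag_audit.py` (the file name is an assumption). The etag directive only controls automatic generation for static resources, so an ETag header sent by a proxied backend is outside what this reports.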

Conclusion

ETag is a great help for web servers, but its misuse can lead to vulnerabilities that can affect the server.

I hope you liked this post and you can share this resource.
