Small Security Recommendation

I was messing with node red and for a second I lost communication with the server. I got a 503 code from the nginx web server. My guess is that nodered sits behind a nginx reverse proxy.

Anyways, when I saw the 503 screen it showed the version of ngnix. This can give an attacker some extra information if there is a known exploit for that version. If I remember correctly the nginx config variable “server_tokens off” will fix this.

1 Like

Thanks for the heads up, appreciate the suggestion and possible fix.
Will pass it on to our software engineers for their review.