Hello, friends. We continue with this little round of Nginx tutorials and tricks. This time, we will explain how to disable ETag in Nginx. As in previous posts, it will be a simple post, but that can help us a lot on a server.
What is Etag?
ETag (entity tag) is part of HTTP and is a method used by the protocol to validate the web cache and allows users to make conditional requests.
One thing to note is that the use of ETags in the HTTP header is optional. But the problem is that many site administrators consider it to be insecure and a security risk and choose to disable it.
The issue is that if ETags are misused, it is possible to track users through the browser cache. So today we are going to disable it.
Prerequisites
Before we continue, we have to make sure that we meet the requirements to complete the post without problems
- You need to have Nginx installed and configured. So make sure you have it using the official repositories of your Linux distribution.
- The version of Nginx must be higher than 1.9.5 You should have no issue to have it because most distributions include recent versions.
- Have basic knowledge on the use of the terminal.
- A user with
sudo
access or root access.
Let’s go for it.
How to globally disable ETag in Nginx
If you want to disable ETag globally affecting all the sites you have on the server, then you have to edit the Nginx configuration file which is /etc/nginx/nginx.conf
.
sudo nano /etc/nginx/nginx.conf
And inside the http
section add the etag off
directive. It will look like this.
http {
...
etag off;
...
}
Save the changes, close the editor and restart Nginx to apply the changes.
sudos sytemctl restart nginx
How to disable ETag in Nginx for one site
In case you have several sites and each one has its own dedicated configuration, then you have to edit each of the site configuration files where you want to disable ETag.
For example,
sudo nano /etc/nginx/sites-enabled/domain.conf
But unlike the previous method, we have to add etag off
inside server
. It will look like this.
server {
listen 80;
server_name domain;
etag off;
}
In the same way, close the editor and restart Nginx.
Conclusion
ETag can be very useful, but it is also a bit risky. So many sysadmins consider it better to disable it. Today, you learned this using Nginx.