Nginx Default Page Enabled
Detection of Nginx default page enabled misconfiguration, potentially exposing sensitive server information.
Security Misconfiguration (SM)
How this template works
The template uses API selection filters to specify the criteria for selecting APIs to test. In this case, it filters APIs based on the response code, ensuring that it is between 200 and 299. It also extracts the URL from the response and assigns it to the variable "urlVar".
The template uses the "execute" section to define the type of request to be executed. In this case, it is a single request. The request is modified using the "modify_url" action, which uses the value of the "urlVar" variable to modify the URL of the request.
The template uses the "validate" section to define the validation criteria for the response. In this case, it checks if the response payload contains the string "Welcome to nginx!". If the response payload contains this string, the validation is considered successful.
Frequently asked questions
What is the purpose of the Nginx Default Page Enabled test
How does the Nginx Default Page Enabled test determine if the default page is enabled
What are the potential risks of enabling the Nginx default page
What category and severity level does the Nginx Default Page Enabled test fall under
How can disabling the default Nginx page and customizing error pages enhance security
Are there any references or resources available for further information on security misconfigurations