Disable "Golang net/http server" banner

Matt-STN · February 26, 2025, 1:43pm

When I ran an nmap scan over my infrastructure, I noticed that Traefik returns a Golang net/http server banner. e.g. with nmap -sV -p 80 myserver.com, I get the following:

Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 10:19 CET
Nmap scan report for myserver.com (X.X.X.X)
Host is up (0.0028s latency).
rDNS record for X.X.X.X: XXXX

PORT   STATE SERVICE VERSION
80/tcp open  http    Golang net/http server (Go-IPFS json-rpc or InfluxDB API)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.20 seconds

I would like to avoid giving informations to potential attackers, so I wanted to disable that banner, but I found no way to do that.
Are there some parameters to disable ? Or would one be forced to recompile Traefik for it to hide that banner ?

I'm using Traefik with Docker, if that changes anything.

Thanks

bluepuma77 · February 26, 2025, 2:40pm

With different Debian servers and different Nmap versions, I get different results.

I don't know how you would see a "banner". curl -v http://example.com shows no info, telnet example.com 80 also shows nothing.

I don't know how Nmap gets to this conclusion, maybe it's even Docker, which is written in Golang.

And note the special mention of "Please report any incorrect results" of Nmap.

A bit of more research later:

$ nmap -sV -vvvvv -ddddd --version-trace -p 80 example.com

Service scan hard match (Probe GetRequest matched with GetRequest line 10228): 2.3.4.5:80 is http.  Version: |Golang net/http server||Go-IPFS json-rpc or InfluxDB API|

$ cat /usr/share/nmap/nmap-service-probes | grep "Golang net/http server"

softmatch http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\n400 Bad Request| p|Golang net/http server| cpe:/a:golang:go/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: .*\r\nContent-Length: 19\r\n\r\n404 page not found\n| p|Golang net/http server| i/Go-IPFS json-rpc or InfluxDB API/ cpe:/a:golang:go/ cpe:/a:influxdata:influxdb/ cpe:/a:protocol_labs:go-ipfs/
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nLocation: /containers/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/containers/">Temporary Redirect</a>\.| p|Golang net/http server| i/Google cAdvisor/ cpe:/a:golang:go/ cpe:/a:google:cadvisor/

So Nmap tells by a RegEx check, that this server is using Golang. No banner involved.

Matt-STN · February 26, 2025, 2:43pm

Thanks @bluepuma77 , I did not think that nmap would do that to determine the type of the server. That answers my question !

Topic		Replies	Views
For HTTP POST request net::ERR_CONNECTION_RESET Traefik v2 docker , tcp , middleware	7	3158	July 15, 2022
Disable http response when visiting server ip address Traefik v2 docker	5	3401	January 1, 2024
How can i disable http to https redirect on a single container Traefik v3 (latest) docker	2	40	February 3, 2025
[Guide] Traefik 2.2 Docker Media Server Traefik v2 docker	2	1211	October 1, 2021
How to disable http to https redirect? Traefik v2 docker-swarm	5	8041	April 20, 2023

Disable "Golang net/http server" banner

Related topics