nginx调整参数隐藏版本号
软件的漏洞都和版本有关,因此要尽量隐藏或消除Web服务对访问用户显示各类敏感信息
未隐藏版本号时
[root@web01 ~]# curl -I www.abc.com HTTP/1.1 200 OK Server: nginx/1.14.0 Date: Tue, 11 Sep 2018 06:24:57 GMT Content-Type: text/html Content-Length: 11 Last-Modified: Mon, 10 Sep 2018 04:56:48 GMT Connection: keep-alive ETag: "5b95f990-b" Accept-Ranges: bytes
配置参数隐藏版本号
vim /application/nginx/conf/nginx.conf
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#访问日志配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main buffer=32k flush=5s;
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/status.conf;
#隐藏版本号
server_tokens off;
}
重载nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
再次访问检查是否隐藏成功
[root@web01 ~]# curl -I www.abc.com HTTP/1.1 200 OK Server: nginx Date: Tue, 11 Sep 2018 06:25:46 GMT Content-Type: text/html Content-Length: 11 Last-Modified: Mon, 10 Sep 2018 04:56:48 GMT Connection: keep-alive ETag: "5b95f990-b" Accept-Ranges: bytes
修改nginx软件名以及版本号--通过修改nginx源码
修改方法:依次修改3个nginx源码文件-->源码文件 nginx软件包解压后的
修改第一个源码文件:
vim /server/tools/nginx-1.14.0/src/core/nginx.h
找到
12 #define nginx_version 1014000 13 #define NGINX_VERSION "1.14.0" <-- 修改为先要显示的版本号 14 #define NGINX_VER "nginx/" NGINX_VERSION <-- 修改为想要显示的软件名 22 #define NGINX_VAR "NGINX" <-- 修改为想要显示的软件名
efine NGX_OLDPID_EXT ".oldbin"
修改为
#define nginx_version 1014000
#define NGINX_VERSION "2.2"
#define NGINX_VER "OWS/" NGINX_VERSION
#define NGINX_VAR "OWS"
#define NGX_OLDPID_EXT ".oldbin"
修改第二个源码文件
vim /server/tools/nginx-1.14.0/src/http/ngx_http_header_filter_module.c
找到
49 static char ngx_http_server_string[] = "Server: nginx" CRLF;
## 将 nginx 修改为想要显示的软件名
修改为
static char ngx_http_server_string[] = "Server: OWS" CRLF;
修改第三个源码文件,在网站对外报错时,它会控制敏感信息
vim /server/tools/nginx-1.14.0/src/http/ngx_http_header_filter_module.c
找到
22 "<hr><center>" NGINX_VER "</center>" CRLF
修改为
"<hr><center>" NGINX_VER " ([email protected])</center>" CRLF
## 当网站对外报错时会显示此段内容
找到
36 "<hr><center>nginx</center>" CRLF
## 将 nginx 修改为想要显示的软件名
修改为
"<hr><center>OWS</center>" CRLF
重新编译nginx
修改后编译软件使其生效,如果是已安装好的软件,需要重新编译Nginx按之前的编译在编译一次,配置好配置,启动服务
在重新编译前还需要将之前的nginx服务停止,在启动方能失效
安装好的nginx再重新编译不会影响配置文件 软件目录中的内容
重新编译后启动nginx
/application/nginx/sbin/nginx
最后结果
[root@web01 nginx-1.14.0]# curl -I www.abc.com HTTP/1.1 200 OK Server: OWS #之前配置了隐藏版本号,所以不显示版本 Date: Tue, 11 Sep 2018 06:50:17 GMT Content-Type: text/html Content-Length: 11 Last-Modified: Mon, 10 Sep 2018 04:56:48 GMT Connection: keep-alive ETag: "5b95f990-b" Accept-Ranges: bytes