<![CDATA[沧海一粟]]>

<![CDATA[沧海一粟]]> http://www.dzhope.com/index.php zh-cn http://www.dzhope.com/post// <![CDATA[隐藏nginx服务器信息]]> jed <jed521@163.com> Tue, 08 Mar 2011 15:52:03 +0000 http://www.dzhope.com/post//

curl -I http://10.60.30.23

HTTP/1.1 200 OK
Server: nginx nginx/0.8.53
Date: Tue, 14 Dec 2010 08:10:06 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes

这对于服务器安全来说是个隐患，用以下方法可以改善这种情况
1. 编辑源代码../src/http/ngx_http_header_filter_module.c
48

static char ngx_http_server_string[] = “Server: nginx” CRLF;
static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;

改为

static char ngx_http_server_string[] = “Server: pws 1.0 ” CRLF;
static char ngx_http_server_full_string[] = “Server: pws 1.0 ” NGINX_VER CRLF;

然后编译安装。

2. 编辑/usr/local/nginx/conf/nginx.conf，添加

server_tokens off;

重新启动nginx

/usr/local/nginx/sbin/nginx -s reload

最终结果如下

curl -I http://10.60.30.23

HTTP/1.1 200 OK
Server: pws 1.0
Date: Tue, 14 Dec 2010 08:24:32 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes

Tags - nginx , nginx版本信息 ]]> http://www.dzhope.com/post//#blogcomment <![CDATA[[评论] 隐藏nginx服务器信息]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://www.dzhope.com/post//#blogcomment