隐藏nginx服务器信息 不指定

jed , 2011-3-8 23:52 , 服务器技术 , 评论(0) , 阅读(4191) , Via 本站原创 | |
通常nginx服务器不隐藏服务器类型及版本信息

curl -I http://10.60.30.23


HTTP/1.1 200 OK
Server: nginx nginx/0.8.53
Date: Tue, 14 Dec 2010 08:10:06 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes

这对于服务器安全来说是个隐患,用以下方法可以改善这种情况
1. 编辑源代码../src/http/ngx_http_header_filter_module.c
48

static char ngx_http_server_string[] = “Server: nginx” CRLF;
static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;

改为

static char ngx_http_server_string[] = “Server: pws 1.0 ” CRLF;
static char ngx_http_server_full_string[] = “Server: pws 1.0 ” NGINX_VER CRLF;

然后编译安装。

2. 编辑/usr/local/nginx/conf/nginx.conf,添加

server_tokens off;

重新启动nginx

/usr/local/nginx/sbin/nginx -s reload

最终结果如下

curl -I http://10.60.30.23


HTTP/1.1 200 OK
Server: pws 1.0
Date: Tue, 14 Dec 2010 08:24:32 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
发表评论

昵称

网址

电邮

打开HTML 打开UBB 打开表情 隐藏 记住我 [登入] [注册]