通常nginx服务器不隐藏服务器类型及版本信息
curl -I http://10.60.30.23
HTTP/1.1 200 OK
Server: nginx nginx/0.8.53
Date: Tue, 14 Dec 2010 08:10:06 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
这对于服务器安全来说是个隐患,用以下方法可以改善这种情况
1. 编辑源代码../src/http/ngx_http_header_filter_module.c
48
static char ngx_http_server_string[] = “Server: nginx” CRLF;
static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;
改为
static char ngx_http_server_string[] = “Server: pws 1.0 ” CRLF;
static char ngx_http_server_full_string[] = “Server: pws 1.0 ” NGINX_VER CRLF;
然后编译安装。
2. 编辑/usr/local/nginx/conf/nginx.conf,添加
server_tokens off;
重新启动nginx
/usr/local/nginx/sbin/nginx -s reload
最终结果如下
curl -I http://10.60.30.23
HTTP/1.1 200 OK
Server: pws 1.0
Date: Tue, 14 Dec 2010 08:24:32 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
curl -I http://10.60.30.23
HTTP/1.1 200 OK
Server: nginx nginx/0.8.53
Date: Tue, 14 Dec 2010 08:10:06 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
这对于服务器安全来说是个隐患,用以下方法可以改善这种情况
1. 编辑源代码../src/http/ngx_http_header_filter_module.c
48
static char ngx_http_server_string[] = “Server: nginx” CRLF;
static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;
改为
static char ngx_http_server_string[] = “Server: pws 1.0 ” CRLF;
static char ngx_http_server_full_string[] = “Server: pws 1.0 ” NGINX_VER CRLF;
然后编译安装。
2. 编辑/usr/local/nginx/conf/nginx.conf,添加
server_tokens off;
重新启动nginx
/usr/local/nginx/sbin/nginx -s reload
最终结果如下
curl -I http://10.60.30.23
HTTP/1.1 200 OK
Server: pws 1.0
Date: Tue, 14 Dec 2010 08:24:32 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
apache 隐藏和伪装 版本信息
Lighttpd、Nginx 、Apache 隐藏响应头信息的Server信息,apache和php的版本信息
