1、背景
为了减少 nginx 服务器对外暴露的指纹信息、降低被针对性攻击的风险,需要隐藏 nginx 的 Server 标识和版本号。隐藏版本号只是减少信息泄露,不能替代及时升级和打补丁。
2、隐藏nginx版本号
在 http { … } 块中加上 server_tokens off;(该指令只去掉版本号,Server 响应头仍会显示 nginx),例如:
http {
    ……省略
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    # Omit the nginx version from the Server response header and from
    # built-in error pages; the product name "nginx" is still sent.
    server_tokens off;
    …….省略
}
3、隐藏server信息
修改源码文件,重新编译
# vim /path/nginx/src/http/ngx_http_header_filter_module.c
修改前49 static u_char ngx_http_server_string[] = "Server: nginx" CRLF;50 static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;51 static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
修改后49 static u_char ngx_http_server_string[] = "Server: " CRLF;50 static u_char ngx_http_server_full_string[] = "Server: " CRLF;51 static u_char ngx_http_server_build_string[] = "Server: " CRLF;
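Review bot: The modified lines still emit a `Server:` header on every response, only with an empty value, because all three strings become `"Server: " CRLF` rather than the header being dropped. An empty Server header is itself unusual, so this trims the banner but should not be treated as hiding the server; keeping nginx patched remains the actual control. Because this is a local source patch, it has to be re-applied on every upgrade, and a missed re-apply silently restores the default banner. I would add a comment above the three definitions such as `/* local patch: product name removed from Server header; re-apply after each upgrade */` and verify after each build with a header check like `curl -sI http://127.0.0.1/ | grep -i '^server:'`. The code that selects among these three strings is outside the excerpt.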
4、隐藏 nginx -V 的版本号
修改源码文件,重新编译。注意:nginx -V 只在本机执行时输出,这一修改不影响对外的 HTTP 响应;改动后运维人员也无法通过 nginx -V 确认实际版本,应另行记录真实版本号,以便跟踪安全更新。
# vim /path/nginx/src/core/nginx.c
修改前390 static void391 ngx_show_version_info(void)392 {393 ngx_write_stderr("nginx version: " NGINX_VER_BUILD NGX_LINEFEED);394395 if (ngx_show_help) {修改后390 static void391 ngx_show_version_info(void)392 {393 ngx_write_stderr("nginx version: " "hello world\n");394395 if (ngx_show_help) {