nginx 基本安全优化

[root@izbp18tnigcymjlz2mm69lz conf]# curl -i 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.6.3  <<<这个位置明显暴露服务器版本及软件名称
Date: Sun, 27 Oct 2019 11:40:44 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 15 Sep 2019 12:40:27 GMT
Connection: keep-alive
ETag: "5d7e313b-264"
Accept-Ranges: bytes

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

隐藏版本号

在nginx.conf

server_tokens off;
http {
    
     server_tokens off;

}

server_tokens官方说明

syntax: server_tokens on|off; on w为开启状态。off为关闭状态。
default: server_tokens on 不做配置默认参数
context: http,server,location 为可放的位置

 

2、更改源码隐藏软件及版本号

需要修改3个源文件

  • nginx.h
  • ngx_http_header_filter_module.c
  • ngx_http_special_response.e
posted @ 2019-10-27 19:56  Xingtxx  阅读(348)  评论(0编辑  收藏  举报