Basic nginx security hardening
    [root@izbp18tnigcymjlz2mm69lz conf]# curl -i 127.0.0.1
    HTTP/1.1 200 OK
    Server: nginx/1.6.3    <<< this line plainly exposes the server software name and version
    Date: Sun, 27 Oct 2019 11:40:44 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Sun, 15 Sep 2019 12:40:27 GMT
    Connection: keep-alive
    ETag: "5d7e313b-264"
    Accept-Ranges: bytes

    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
Hide the version number
In nginx.conf, set:
server_tokens off;
http {
server_tokens off;
}
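Official description of server_tokens
syntax: server_tokens on|off; (on enables the version display, off disables it)
default: server_tokens on (the value used when nothing is configured)
context: http, server, location (the contexts where the directive may be placed)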
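To confirm the setting took effect after reloading nginx, the Server header can be checked automatically. The function below is an added example, not part of the original article; the names check_server_header, sample_before and sample_after are hypothetical, and the two sample responses are constructed (the first uses the banner shown above, the second the "Server: nginx" banner that nginx sends with server_tokens off).

```shell
#!/bin/sh
# Added example: classify the Server header of an HTTP response read on stdin.
# Prints one of: version-disclosed, product-only, absent.
check_server_header() {
    # Strip CRs, look only at the header block (before the first empty line),
    # and take the first Server header, matched case-insensitively.
    value=$(tr -d '\r' | awk '
        /^$/ { body = 1 }
        !body && !found && tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print
            found = 1
        }')
    case "$value" in
        "")        echo "absent" ;;             # no Server header at all
        */[0-9]*)  echo "version-disclosed" ;;  # e.g. nginx/1.6.3
        *)         echo "product-only" ;;       # e.g. nginx
    esac
}

# Constructed sample: default configuration (server_tokens on).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.6.3\r\nContent-Type: text/html\r\n\r\n<html></html>\r\n'
}

# Constructed sample: after setting server_tokens off.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n<html></html>\r\n'
}

sample_before | check_server_header
sample_after  | check_server_header

# Against a live server (HEAD request, headers only):
#   curl -sI http://127.0.0.1/ | check_server_header
```

A result of product-only still reveals that the server is nginx; removing the name as well is what the source changes in the next section are for.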
2. Modify the source code to hide the software name and version number
Three source files need to be modified:
- nginx.h
- ngx_http_header_filter_module.c
- ngx_http_special_response.c