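  • Hide the Nginx version number!

    In a production environment, the Nginx version number should be hidden so that it does not give away which security vulnerabilities may apply.

    Once an attacker knows the Nginx version number, they can use vulnerabilities in that Nginx version to attack the server, which seriously affects the company's security.

    Command to check whether the version number is hidden: curl -I http://<IP address>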

    ========================================================

    Check after installing Nginx:

    [root@localhost nginx-1.16.0]# curl -I http://192.168.200.120
    HTTP/1.1 200 OK
    Server: nginx/1.16.0
    Date: Thu, 12 Sep 2019 03:55:10 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Thu, 12 Sep 2019 01:08:46 GMT
    Connection: keep-alive
    ETag: "5d799a9e-264"
    Accept-Ranges: bytes

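    Hiding method 1 [based on the source package]: (once Nginx is installed, changing this file requires uninstalling Nginx and then installing it again)

    [root@localhost ~]# killall -9 nginx                      //kill the nginx processes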
    [root@localhost ~]# rm -rf /usr/local/nginx/     
    [root@localhost ~]# cd /usr/src/nginx-1.16.0/
    [root@localhost nginx-1.16.0]# make clean
    rm -rf Makefile objs                                                                
    [root@localhost nginx-1.16.0]# cd
    [root@localhost ~]# rm -rf /usr/src/nginx-1.16.0/         //uninstall complete

    [root@localhost ~]# tar xf nginx-1.16.0.tar.gz -C /usr/src

    [root@localhost ~]# cd /usr/src/nginx-1.16.0/

    [root@localhost nginx-1.16.0]# vim src/core/nginx.h

    [Figure: the file before modification]

    [Figure: the file after modification]

    [root@localhost nginx-1.16.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

    [root@localhost nginx-1.16.0]# make

    [root@localhost nginx-1.16.0]# make install

    [root@localhost nginx-1.16.0]# curl -I http://192.168.200.120
    curl: (7) Failed connect to 192.168.200.120:80; 拒绝连接
    [root@localhost nginx-1.16.0]# netstat -anpt | grep nginx
    [root@localhost nginx-1.16.0]# nginx
    [root@localhost nginx-1.16.0]# netstat -anpt | grep nginx
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21446/nginx: master
    [root@localhost nginx-1.16.0]# curl -I http://192.168.200.120
    HTTP/1.1 200 OK
    Server: apache/2.4.31
    Date: Thu, 12 Sep 2019 04:15:38 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Thu, 12 Sep 2019 04:13:25 GMT
    Connection: keep-alive
    ETag: "5d79c5e5-264"
    Accept-Ranges: bytes

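    Method 2 [modify the configuration file] (hide the version number without uninstalling Nginx, by editing the configuration file directly)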

    [root@localhost nginx-1.16.0]# curl -I http://192.168.200.115                           
    HTTP/1.1 200 OK  
    Server: nginx/1.16.0                                      //original version number
    Date: Thu, 12 Sep 2019 05:38:07 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Thu, 12 Sep 2019 05:37:35 GMT
    Connection: keep-alive
    ETag: "5d79d99f-264"
    Accept-Ranges: bytes

    [root@localhost nginx-1.16.0]# vim /usr/local/nginx/conf/nginx.conf

    Add the following line after sendfile on;:

    server_tokens off;

    [root@localhost nginx-1.16.0]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

    [root@localhost nginx-1.16.0]# killall -HUP nginx         //reload the configuration
    [root@localhost nginx-1.16.0]# curl -I http://192.168.200.115                  
    HTTP/1.1 200 OK
    Server: nginx                                             //version number after the change
    Date: Thu, 12 Sep 2019 05:45:43 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Thu, 12 Sep 2019 05:37:35 GMT
    Connection: keep-alive
    ETag: "5d79d99f-264"
    Accept-Ranges: bytes

    Modify the PHP version number

    If the fastcgi_param SERVER_SOFTWARE option is set in the PHP configuration file, edit the php-fpm configuration file and change the fastcgi_param SERVER_SOFTWARE entry to: fastcgi_param SERVER_SOFTWARE nginx;
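
As an added example (not from the original post), the shell functions below check for the leaks covered above: a Server header that still carries nginx/<version>, a missing server_tokens off;, and a fastcgi_param SERVER_SOFTWARE line that still uses $nginx_version (the value in nginx's stock fastcgi_params file). The function names, sample headers and config fragments are constructed for illustration.

```sh
# Added example, not from the original post. All sample inputs are constructed.

# Print the Server header value from raw response headers on stdin
# (e.g. piped from `curl -sI`), without the trailing CR.
server_header() {
    awk -F: 'tolower($1) == "server" {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }'
}

# Succeed if the value still carries an nginx version, e.g. nginx/1.16.0.
nginx_version_exposed() {
    printf '%s\n' "$1" | grep -Eiq 'nginx/[0-9]'
}

# Succeed if the config text on stdin has an uncommented "server_tokens off;".
# Simplification: does not follow include files or per-server overrides.
has_server_tokens_off() {
    sed 's/#.*//' | grep -Eq '(^|[;{[:space:]])server_tokens[[:space:]]+off[[:space:]]*;'
}

# Succeed if an uncommented fastcgi_param SERVER_SOFTWARE still passes
# $nginx_version to PHP.
fastcgi_leaks_version() {
    sed 's/#.*//' |
        grep -Eq 'fastcgi_param[[:space:]]+SERVER_SOFTWARE[[:space:]]+[^;]*\$nginx_version'
}

# Constructed samples: headers shaped like the curl output above, two configs.
HDR_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.16.0\r\nContent-Length: 612\r\n')
HDR_AFTER=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 612\r\n')
CONF_BAD='http {
    sendfile on;
    # server_tokens off;
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
}'
CONF_OK='http {
    sendfile on;
    server_tokens off;
    fastcgi_param SERVER_SOFTWARE nginx;
}'

for h in "$HDR_BEFORE" "$HDR_AFTER"; do
    v=$(printf '%s\n' "$h" | server_header)
    if nginx_version_exposed "$v"; then echo "LEAK Server: $v"; else echo "OK   Server: $v"; fi
done
```

Against a running server, pipe the output of curl -sI http://<IP address> into server_header, and feed /usr/local/nginx/conf/nginx.conf to the two config checks.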

  • Original article: https://www.cnblogs.com/L1-5551/p/11518460.html