通常nginx服务器不隐藏服务器类型及版本信息
curl -I http://www.aaa.com
获取web服务器的类型和版本代码
HTTP/1.1 200 OK
Server: nginx nginx/0.8.53
Date: Tue, 14 Dec 2010 08:10:06 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
这对于服务器安全来说是个隐患,用以下方法可以改善这种情况
1. 编辑源代码../src/http/ngx_http_header_filter_module.c
修改前代码
48 static char ngx_http_server_string[] = “Server: nginx” CRLF;
49 static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;
改为
修改后代码
48 static char ngx_http_server_string[] = “Server: test 1.0 ” CRLF;
49 static char ngx_http_server_full_string[] = “Server: test 1.0 ” NGINX_VER CRLF;
然后编译安装。
2. 编辑/usr/local/nginx/conf/nginx.conf,添加
server_tokens off;
重新启动nginx
/usr/local/nginx/sbin/nginx -s reload
最终结果如下
curl -I http://www.aaa.com
被修改后的服务器信息代码
HTTP/1.1 200 OK
Server: test 1.0
Date: Tue, 14 Dec 2010 08:24:32 GMT
Content-Type: text/html
Content-Length: 151
Last-Modified: Mon, 13 Dec 2010 09:39:55 GMT
Connection: keep-alive
Accept-Ranges: bytes