1.1 隐藏Nginx header内版本号信息
一些特定的系统及服务漏洞一般都和特定的软件版本号有关,我们应尽量隐藏服务器的敏感信息(软件名称及版本等信息),这样黑客无法猜到有漏洞的服务是否是对应服务的版本,从而确保web服务最大的安全。
[[email protected] ~]# curl -I 192.168.0.102
HTTP/1.1 200 OK
Server: Nginx/1.6.2 --优化隐藏这个版本号
Date: Fri,14 Jun 2019 08:25:07 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.27
配置参数如下:
[[email protected] ~]# cat /application/Nginx/conf/Nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/www.conf;
# include extra/bbs.conf;
}
测试:
}
[[email protected] ~]# /application/Nginx/sbin/Nginx -s reload
[[email protected] ~]# curl -I 192.168.0.102
HTTP/1.1 200 OK
Server: Nginx --版本消失Date: Fri,14 Jun 2019 08:39:15 GMTContent-Type: text/htmlConnection: keep-alive