Nginx 之版本信息安全优化

Nginx 社区非常活跃，版本也一直在更新迭代。有些版本会有一些 bug，访问 Nginx 可以随时看到 Nginx 版本，这边文章介绍如何隐藏它。

实验平台：CentOS 7.7.1908

Nginx version： openresty/1.17.8.2

一、修改配置文件隐藏版本信息

1.修改前

$ curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: openresty/1.17.8.2
Date: Sat, 10 Oct 2020 07:54:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 649
Last-Modified: Fri, 21 Aug 2020 03:53:56 GMT
Connection: keep-alive
ETag: "5f3f4554-289"
Accept-Ranges: bytes

2.修改配置文件

$ vim /usr/local/nginx/conf/nginx.conf

http{
    server_tokens off;
    #隐藏 nginx 版本信息
}
`

3.修改后

$ curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 10 Oct 2020 07:58:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 649
Last-Modified: Fri, 21 Aug 2020 03:53:56 GMT
Connection: keep-alive
ETag: "5f3f4554-289"
Accept-Ranges: bytes

二、修改编译包

1.修改需要显示的版本号

$ vim /path/nginx-1.16.1/src/core/nginx.h
# Nginx 默认路径，我这里使用的 OpenResty 包；ptah 是你的 nginx 解压的绝对路径
$ vim /path/openresty/bundle/nginx-1.17.8/src/core/nginx.h

/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_


#define nginx_version      1016001
#define NGINX_VERSION      "666"        #你需要显示的版本号
#define NGINX_VER          "linlikesi/" NGINX_VERSION    #版本号前缀

#ifdef NGX_BUILD
#define NGINX_VER_BUILD    NGINX_VER " (" NGX_BUILD ")"
#else
#define NGINX_VER_BUILD    NGINX_VER
#endif

#define NGINX_VAR          "linlikesi"    #版本号前缀
#define NGX_OLDPID_EXT     ".oldbin"


#endif /* _NGINX_H_INCLUDED_ */

2.修改 Curl 出来显示的名称

$ vim /path/nginx-1.16.1/src/http/ngx_http_header_filter_module.c
# Nginx 默认路径，我这里使用的 OpenResty 包；ptah 是你的 nginx 解压的绝对路径
$ vim /path/openresty/bundle/nginx-1.17.8/src/http/ngx_http_header_filter_module.c

static u_char ngx_http_server_string[] = "Server: linlikesi" CRLF;

3.Web 访问报错展示的版本号

$ vim /path/nginx-1.16.1/src/http/ngx_http_special_response.c
# Nginx 默认路径，我这里使用的 OpenResty 包；ptah 是你的 nginx 解压的绝对路径
$ vim /path/openresty/bundle/nginx-1.17.8/src/http/ngx_http_special_response.c
  1 
  2 /*
  3  * Copyright (C) Igor Sysoev
  4  * Copyright (C) Nginx, Inc.
  5  */
  6 
  7 
  8 #include <ngx_config.h>
  9 #include <ngx_core.h>
 10 #include <ngx_http.h>
 11 #include <nginx.h>
 12 
 13 
 14 static ngx_int_t ngx_http_send_error_page(ngx_http_request_t *r,
 15     ngx_http_err_page_t *err_page);
 16 static ngx_int_t ngx_http_send_special_response(ngx_http_request_t *r,
 17     ngx_http_core_loc_conf_t *clcf, ngx_uint_t err);
 18 static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r);
 19 
 20 
 21 static u_char ngx_http_error_full_tail[] =
 22 "<hr><center>linlikesi(blog.kjarbo.com)</center>" CRLF
 23 "</body>" CRLF
 24 "</html>" CRLF
 25 ;
 26 
 27 
 28 static u_char ngx_http_error_build_tail[] =
 29 "<hr><center>linlikesi(blog.kjarbo.com)</center>" CRLF
 30 "</body>" CRLF
 31 "</html>" CRLF
 32 ;
 33 
 34 
 35 static u_char ngx_http_error_tail[] =
 36 "<hr><center>linlikesi(blog.kjarbo.com)</center>" CRLF
 37 "</body>" CRLF
 38 "</html>" CRLF
 39 ;
 40 
 41 
 42 static u_char ngx_http_msie_padding[] =
 43 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 44 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 45 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 46 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 47 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 48 "<!-- a padding to disable MSIE and Chrome friendly error page -->" CRLF
 49 ;
 50

4.验证

$ curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: linlikesi/666
Date: Mon, 19 Oct 2020 22:41:48 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 19 Oct 2020 22:41:15 GMT
Connection: keep-alive
ETag: "5f8e160b-264"
Accept-Ranges: bytes
#可进一步使用修改配置文件隐藏版本号

Over ~

792 0 2020-10-09

打赏一下，各位朋友请随意打赏！

×

如果觉得我的文章对你有用，请随意赞赏

取消