This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Other Technologies Server configuration Completely hide the security and methods of Nginx version number
View: 16229|Reply: 7

[Web] Completely hide the security and methods of Nginx version number

[Copy link]
Posted on 6/16/2015 11:16:37 PM | | | |
By default, Nginx displays the version number, such as:
[root@bkjz ~]# curl -I www.nginx.org
HTTP/1.1 200 OK
Server: nginx/0.8.44
Date: Tue, 13 Jul 2010 14:05:11 GMT
Content-Type: textml
Content-Length: 8284
Last-Modified: Tue, 13 Jul 2010 12:00:13 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Accept-Ranges: bytes
This shows that your server nginx version is 0.8.44, and some Nginx version vulnerabilities have been exposed some time ago, that is, some versions have vulnerabilities and some versions do not. In this way, the exposed version number can easily become information that attackers can exploit. Therefore, from a security point of view, hiding the version number will be relatively safer!
For security, I want to hide the nginx version number information in the HTTP request response header:

1. Add server_tokens off to the nginx configuration file;

server_tokens scope is http server locatio to remove the n statement block

server_tokens default value is on, which means that the version information is displayed, and the server_tokens value is off, you can hide the version information of nginx everywhere.



2. If the fastcgi_param SERVER_SOFTWARE is set in the php configuration file, find this line and modify it:

Edit the php-fpm configuration file, such as fastcgi.conf or fcgi.conf (this configuration file name can also be customized, depending on the specific file name):

Found it:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
Changed to:
fastcgi_param SERVER_SOFTWARE nginx;

3. Restart nginx to reload the configuration file and finish






Previous:"Tear cabbage" magnetically searches for source code and billions of databases
Next:Close the php X-Powered-By message

Related Posts
 Landlord| Posted on 6/16/2015 11:42:56 PM |
After the modification is completed, you can use the webmaster tool http://tool.chinaz.com/ to test it

Posted on 1/15/2016 2:32:11 PM |
There is an error in the above method, which is to modify the nginx configuration file:
/nginx/conf/fastcgi_params

Inside:



Find fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

Just modify it!
Posted on 1/15/2016 2:44:16 PM |


1. Hide the Nginx version number
Step 1:
vi /usr/localinx/confinx.conf
http{}
server_tokens off;

Posted on 1/19/2016 12:37:55 PM |
admin posted on 2016-1-15 14:44
1. Hide the Nginx version number
Step 1:
vi /usr/localinx/confinx.conf

Correct answer
Posted on 3/22/2016 2:15:47 PM |
Xiao Zhazha Posted on 2016-1-19 12:37
Correct answer

It is the nginx.conf configuration file of the conf in nginx
Posted on 7/26/2017 9:31:57 AM |


nginx.conf correctly hides version methods
Posted on 10/18/2017 2:00:13 PM |
Like a 。。。。。。。。。。。。。。。。。
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com