Details determine success or failure, and server security is no exception. Hiding or modifying nginx's identifying information is not a fancy skill, just a small detail in the nginx configuration.
nginx version information in HTTP
Looking at the headers of an HTTP response, we find the Server field, which indicates what web server the service is running.
For example:
Sina:
Server:nginx
Open source China:
Server:tengine
SegmentFault doesn't even return a Server header!
Many sites return not only nginx but also the version number. There is no need to expose the version number to users, so we can set server_tokens off to hide it:
http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    server_tokens off;  # hide the version number

    # ... remaining http settings and server blocks ...
}
nginx version information in PHP
Even with server_tokens set to off, the nginx version number is not completely invisible.
Although there is no version number in the HTTP response header, PHP can still get the nginx version. To hide it from PHP as well, you need to modify the fastcgi.conf file:
Remove the trailing /$nginx_version, or comment out the line entirely:
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
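To check both settings described so far, the following added example (not part of the original article) audits configuration text for a missing server_tokens off and for $nginx_version in SERVER_SOFTWARE, and tests a response header block for a version string. The sample inputs, function names and the simplified tokenizer are assumptions made for this illustration.

```python
import re

# Constructed sample files (assumptions for this example, not from a real host).
SAMPLE_NGINX_CONF = """
http {
    include       mime.types;
    # server_tokens off;
    server { listen 80; }
}
"""
SAMPLE_FASTCGI_CONF = """
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
"""

def directives(conf_text):
    """Yield (name, args) per directive. Simplified tokenizer: strips
    # comments and splits on ; { }, so quoted ';' or '#' are not handled."""
    text = re.sub(r"#[^\n]*", "", conf_text)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit(nginx_conf, fastcgi_conf):
    """Return findings for the two version leaks described above."""
    findings = []
    tokens = [args for name, args in directives(nginx_conf) if name == "server_tokens"]
    # server_tokens defaults to on, so a missing directive also leaks.
    if not tokens or any(args != ["off"] for args in tokens):
        findings.append("server_tokens is not off: Server header includes the version")
    for name, args in directives(fastcgi_conf):
        if name == "fastcgi_param" and args[:1] == ["SERVER_SOFTWARE"] \
                and any("$nginx_version" in a for a in args[1:]):
            findings.append("SERVER_SOFTWARE passes $nginx_version to PHP")
    return findings

def header_leaks_version(raw_headers):
    """True if a Server header in a raw header block carries name/version."""
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "server" and re.search(r"/\d", value):
            return True
    return False

if __name__ == "__main__":
    for finding in audit(SAMPLE_NGINX_CONF, SAMPLE_FASTCGI_CONF):
        print("FINDING:", finding)
    print(header_leaks_version("HTTP/1.1 200 OK\r\nServer: nginx/1.9.5\r\n"))
```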
Modify or hide nginx information
What if I want nginx not to show up at all, or to present itself as tengine?
This requires modifying the nginx source file src/core/nginx.h. For example, here I change nginx to report itself as tengine:
/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_


#define nginx_version      1009005
/*
#define NGINX_VERSION      "1.9.5"
#define NGINX_VER          "nginx/" NGINX_VERSION
*/
#define NGINX_VERSION      "2.1.1"
#define NGINX_VER          "tengine/" NGINX_VERSION

#ifdef NGX_BUILD
#define NGINX_VER_BUILD    NGINX_VER " (" NGX_BUILD ")"
#else
#define NGINX_VER_BUILD    NGINX_VER
#endif

#define NGINX_VAR          "NGINX"
#define NGX_OLDPID_EXT     ".oldbin"


#endif /* _NGINX_H_INCLUDED_ */
You can also set NGINX_VER to an empty value, so that the Server header returned in the HTTP response is empty!
Note that if server_tokens is set to off, then even if NGINX_VER in the source is set to empty or changed to another value, the returned Server header is still nginx, just without the version number!