Disguise nginx version to prevent web Server intrusion

In order to prevent hackers from scanning web server information, find the corresponding version vulnerabilities through the corresponding web server information, so as to intrude into the web server, nginx is powerful, but also software, software may have vulnerabilities, such as the nginx-0.6.32 version, which by default may cause server errors to parse any type of files in php, for example, if a jpg Trojan is uploaded to a Forum website and the vulnerability is parsed into a php webshell, attackers can intrude into the website to obtain server permissions, which may cause serious security problems, this allows hackers to attack nginx servers that support php. If the nginx version is exposed and there are security vulnerabilities in the version, your web server will be at risk.

For nginx server, you can modify the nginx header description in the source code, the following take the nginx-1.2.0 version as an example.

• [Root @ www nginx-1.2.0] # cd src/core/
• [Root @ www core] # vim nginx. h ------- edit nginx. h file

Then, compile and install the SDK properly.

Test Results

Scan hosts with powerful nmap

Use curl to obtain http Request Information

You can also view the effect by accessing a nonexistent URL.

We can see that whether nmap is used to scan the host, or curl is used to obtain the request information for the website http message, or even a nonexistent url of the access request, the web server uses Apache2.2.2, thus hiding our real web server version is the nginx-1.2.0 version, of course, here can be disguised as IIS, Lighthttp, Tengine and even custom names can be, in short, confused the ideas of intruders, protects the security of web servers.

Supplement: if a friend left me a message saying that the 404 page still shows the nginx style, modify the default 404 page.

Add the following content to nginx. conf to specify the 404 page path (/usr/local/nginx/html)

Reload the configuration file

Access a page that does not exist, and you can see the effect!

 

1. /*
2. * Copyright (C) Igor Sysoev
3. * Copyright (C) Nginx, Inc.
4. */
5.  
6.  
7. # Ifndef _ NGINX_H_INCLUDED _
8. # Define _ NGINX_H_INCLUDED _
9.  
10.  
11. # Define nginx_version 1002000
12. # Define NGINX_VERSION "2.2.2" // The default value is 1.2.0.
13. # Define NGINX_VER "Apache/" NGINX_VERSION // Nginx is used by default.
14.  
15. # Define NGINX_VAR "NGINX"
16. # Define NGX_OLDPID_EXT ". oldbin"
17.  
18.  
19. # Endif/* _ NGINX_H_INCLUDED _*/
    1. Error_page 404/404 .html;
    2. Location =/404.html {
    3. Root html;
    4. }
    1. /Usr/local/nginx/sbin/nginx-s reload