Nginx Security Optimization: Hiding the Version Number
Security is a problem that cannot be ignored on the Internet. This article shows how to hide Nginx's version information. If someone does not know which version you run, they cannot match it against the known Nginx vulnerabilities for that version to launch attacks. Nginx is open-source software, and its version information is carried in the source code, so you can modify the source to hide it.
Version display
[root@bkjia ~]# curl -I 192.168.1.7 | grep Server
Server: nginx/1.8.1 # nginx Software Version
Web server version reported by 51CTO
[root@bkjia nginx-1.8.1]# curl -I www.51cto.com | grep Server
Server: Tengine # version information is hidden
Hiding the version makes version-specific vulnerabilities unusable
Modify nginx source code to hide nginx version information
File 1: "nginx-1.8.1/src/core/nginx.h", lines 12-23
Original file
[root@bkjia tools]# sed -n '12,23p' nginx-1.8.1/src/core/nginx.h
#define nginx_version      1008001
#define NGINX_VERSION      "1.8.1"  /* change to the version you want displayed, for example 2.2.23 */
#define NGINX_VER          "nginx/" NGINX_VERSION  /* change nginx to the software name you want to display */
#ifdef NGX_BUILD
#define NGINX_VER_BUILD    NGINX_VER " (" NGX_BUILD ")"
#else
#define NGINX_VER_BUILD    NGINX_VER
#endif
#define NGINX_VAR          "NGINX"  /* change NGINX to the name of the software to be displayed (Evan Web Server) */
#define NGX_OLDPID_EXT     ".oldbin"
After modification
[root@bkjia tools]# sed -n '12,23p' nginx-1.8.1/src/core/nginx.h
#define nginx_version      1008001
#define NGINX_VERSION      "2.2.23"  /* version changed to 2.2.23 */
#define NGINX_VER          "EWS/" NGINX_VERSION  /* nginx changed to EWS */
#ifdef NGX_BUILD
#define NGINX_VER_BUILD    NGINX_VER " (" NGX_BUILD ")"
#else
#define NGINX_VER_BUILD    NGINX_VER
#endif
#define NGINX_VAR          "EWS"  /* NGINX changed to EWS */
#define NGX_OLDPID_EXT     ".oldbin"
File 2: "nginx-1.8.1/src/http/ngx_http_header_filter_module.c", line 49
Original file
[root@bkjia tools]# sed -n '49p' nginx-1.8.1/src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[] = "Server: nginx" CRLF;  /* change nginx to the name you want to display */
After modification
[root@bkjia tools]# sed -n '49p' nginx-1.8.1/src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[] = "Server: EWS" CRLF;  /* nginx changed to EWS */
Modify the version displayed on error pages
Error page as displayed by the site
Requesting a link that returns an error may also expose version information.
File 3: "nginx-1.8.1/src/http/ngx_http_special_response.c", line 29
Original file
[root@bkjia tools]# sed -n '21,31p' nginx-1.8.1/src/http/ngx_http_special_response.c
"<hr><center>nginx</center>" CRLF  /* change nginx to the name you want to display */
After modification
[root@bkjia tools]# sed -n '29p' nginx-1.8.1/src/http/ngx_http_special_response.c
"<hr><center>EWS</center>" CRLF
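The three edits above as one script, as an added example that is not part of the original article. The function name rebrand_nginx and its arguments are assumptions; it checks every substitution afterwards because sed exits 0 even when a pattern matched nothing, which would leave the default banner in the build.

```shell
# Added example, not from the original article. rebrand_nginx and its
# arguments are assumed names; paths are relative to an unpacked source tree.
# Usage: rebrand_nginx nginx-1.8.1 EWS 2.2.23
rebrand_nginx() {
    src=$1; name=$2; ver=$3
    core=$src/src/core/nginx.h
    hdr=$src/src/http/ngx_http_header_filter_module.c
    err=$src/src/http/ngx_http_special_response.c

    # The values are spliced into sed scripts and C string literals,
    # so accept only plain characters.
    case "$name" in ''|*[!A-Za-z0-9._-]*) echo "bad name" >&2; return 2;; esac
    case "$ver"  in ''|*[!A-Za-z0-9._-]*) echo "bad version" >&2; return 2;; esac
    for f in "$core" "$hdr" "$err"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    sp='[[:space:]][[:space:]]*'
    # File 1: version string, product prefix and NGINX_VAR (originals kept as *.orig).
    sed -i.orig \
        -e "s|^\(#define NGINX_VERSION$sp\)\"[^\"]*\"|\1\"$ver\"|" \
        -e "s|^\(#define NGINX_VER$sp\)\"nginx/\"|\1\"$name/\"|" \
        -e "s|^\(#define NGINX_VAR$sp\)\"NGINX\"|\1\"$name\"|" "$core"
    # File 2: the Server header string.
    sed -i.orig "s|\"Server: nginx\" CRLF|\"Server: $name\" CRLF|" "$hdr"
    # File 3: the footer of the built-in error pages.
    sed -i.orig "s|<center>nginx</center>|<center>$name</center>|" "$err"

    # Verify that every edit is present before compiling.
    grep -q "^#define NGINX_VERSION$sp\"$ver\"" "$core" &&
    grep -q "^#define NGINX_VER$sp\"$name/\"" "$core" &&
    grep -q "^#define NGINX_VAR$sp\"$name\"" "$core" &&
    grep -q "\"Server: $name\" CRLF" "$hdr" &&
    grep -q "<center>$name</center>" "$err" ||
        { echo "an expected line was not found; compare with the .orig files" >&2; return 1; }
}
```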
Recompile and install Nginx. The following results are displayed:
Compilation and installation method:
Version Information
[root@bkjia nginx-1.8.1]# curl -I 192.168.1.7
HTTP/1.1 200 OK
Server: EWS/2.2.23 # changed to EWS/2.2.23
Date: Thu, 07 Apr 2016 11:51:41 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 07 Apr 2016 11:50:40 GMT
Connection: keep-alive
ETag: "57064990-264"
Accept-Ranges: bytes
Error page after modification
The version information shown for a link that returns an error has changed as well.