Modify the Nginx server type to implement a simple disguise (hide the Nginx type and version, etc.)

Source: Internet
Author: User

The server type is adjusted to keep others from exploiting what it reveals. For example, the low version currently in use may happen to have a vulnerability, and having that discovered is a risk.

1. Hide the version number: edit nginx.conf and add the following inside the http block:

server_tokens off;

Then reload Nginx. The Server header no longer carries a version number; you can also check this on a 404 page.

2. Return a custom Server type
The current type can be seen with curl -I http://127.0.0.1 or with some webmaster tools. You can change it to GWS or GFW to deter people who scan with tools.

Specific method:

[root@redis_cluster nginx-1.8.1]# vim src/http/ngx_http_header_filter_module.c
Before modification:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
...
After modification:
static char ngx_http_server_string[] = "Server: GWS" CRLF;
static char ngx_http_server_full_string[] = "Server: GWS" CRLF;

Then recompile and check the result (Server: GWS):

[root@redis_cluster nginx-1.8.1]# /usr/local/nginx/sbin/nginx -s stop
[root@redis_cluster nginx-1.8.1]# /usr/local/nginx/sbin/nginx
[root@redis_cluster nginx-1.8.1]# curl -I http://127.0.0.1
HTTP/1.1 404 Not Found
Server: GWS
Date: Tue, Feb 2016 04:02:40 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

Here is the supplemental content:

Modify the Nginx version name to disguise it as any web server

Whether used as a web server or as a reverse proxy for other kinds of programs, Nginx ("Engine X") has the advantages of high performance and light weight. It uses little memory and handles concurrency well; in fact, Nginx's concurrency does perform better than that of other web servers of the same type. This is why Nginx is so widely used today, from large portals on high-end dedicated servers to small personal blogs on a mini VPS with 64M of memory.

In China, Taobao, Sina, NetEase, Tencent and others use it. Under the original author's BSD-like license, Taobao developed Tengine on top of its source code, but that is a separate topic.

Today we look at how to modify Nginx's internal default name. This is very useful for security or for loading.

We all know where Nginx normally shows its internal name: the Server field of the HTTP response header, the footer of the error page, fpm-fastcgi, and so on.

Generally three places are modified: nginx.h, ngx_http_header_filter_module.c, and ngx_http_special_response.c.

Hint: The following modifications must be made before compiling and installing Nginx; compile after making them.

Web servers are now widely used, and attacks against them are increasing. Nginx has not been around for long; although many domestic portal sites use it and small-memory VPS users love it too, I do not want it to burst out with a blockbuster bug one day. The Nginx-related PHP FPM vulnerability that 80sec released last time is a warning. If I disguise my Nginx server, attackers will not know what kind of web server I am using and will have nowhere to start.


Modify src/core/nginx.h (Nginx internal name)

#define NGINX_VERSION "1.8.0"
#define NGINX_VER "nginx/" NGINX_VERSION

NGINX_VERSION is the version number; NGINX_VER is the name.

Modify src/http/ngx_http_header_filter_module.c (HTTP response header)

static char ngx_http_server_string[] = "Server: nginx" CRLF;

Modify src/http/ngx_http_special_response.c (the footer at the bottom of the error page)

static u_char ngx_http_error_tail[] =
"<hr><center>nginx</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

Why not modify fastcgi.conf in the Nginx config after installation?
Because outsiders can already no longer learn our server name, so our goal has been achieved.
Also, some commonly used programs may make decisions based on your front end (reverse proxy server); after all, Nginx is different from Apache and cannot apply rules dynamically.

In particular, most WordPress cache plug-ins check whether you are running nginx and, if so, remind you to add some rule statements.

This is where fastcgi.conf does its work: the line
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
lets PHP and Nginx recognize each other internally.

So my advice is still not to modify fastcgi.conf; of course, if you insist on changing it, you can.
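
To verify the result, the shell function below reads a raw HTTP response and reports each externally visible place named above where nginx still identifies itself (the Server header and the error-page footer). It is an added example, not code from the original article; the name check_banner and the sample responses are constructed for illustration. A header-only request never shows the footer, so the check works on the full 404 response.

```shell
#!/bin/sh
# Added example, not from the original page. Sample responses are constructed.

# Read one raw HTTP response (headers, blank line, body) on stdin and print
# every place that still names nginx. Exit status: 0 = clean, 1 = leak found.
check_banner() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        !body && $0 == "" { body = 1; next }     # blank line ends the headers
        !body && tolower($0) ~ /^server:/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v)
            if (tolower(v) ~ /nginx\/[0-9]/) { print "header: name and version: " v; leaks++ }
            else if (tolower(v) ~ /nginx/)   { print "header: name: " v; leaks++ }
            next
        }
        body && tolower($0) ~ /<center>nginx/ { print "error page footer: " $0; leaks++ }
        END { exit (leaks > 0) }
    '
}

# Constructed 404 responses for four build states.
response() {   # $1 = Server header value, $2 = footer text
    printf 'HTTP/1.1 404 Not Found\r\nServer: %s\r\nContent-Type: text/html\r\n\r\n' "$1"
    printf '<html>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n'
    printf '<hr><center>%s</center>\r\n</body>\r\n</html>\r\n' "$2"
}
sample_default()     { response 'nginx/1.8.1' 'nginx/1.8.1'; }  # stock build
sample_tokens_off()  { response 'nginx' 'nginx'; }              # server_tokens off only
sample_header_only() { response 'GWS' 'nginx'; }                # header file patched only
sample_all_patched() { response 'GWS' 'GWS'; }                  # footer patched as well

for s in sample_default sample_tokens_off sample_header_only sample_all_patched; do
    echo "== $s"
    "$s" | check_banner || echo "   -> still identifiable as nginx"
done

# Against a live server, request a missing path so the error page is included:
#   curl -si http://127.0.0.1/no-such-page | check_banner
```
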
