By default, Nginx displays its version number, for example:
[root@bkjz ~]# curl -I www.45it.com
HTTP/1.1 OK
Server: nginx/0.8.44
Date: Tue, 14:05:11 GMT
Content-Type: text/html
Content-Length: 8284
Last-Modified: Tue, 12:00:13 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Accept-Ranges: bytes
This lets anyone see that your server runs Nginx 0.8.44. Some time ago, vulnerabilities were disclosed in Nginx that affect some versions and not others, so an exposed version number is information an attacker can obtain easily. From a security standpoint, it is safer to hide the version number.
Can the Nginx version number be hidden? Yes. Follow the steps below:
1. Go to the Nginx configuration directory (its location depends on how Nginx was installed) and open nginx.conf with vim:
# vim nginx.conf
Add server_tokens off; inside the http { ... } block, for example:
http {
    ...... omitted
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    server_tokens off;
    ...... omitted
}
2. Edit the php-fpm configuration file, such as fastcgi.conf or fcgi.conf (the file name can be customized, so edit whichever file your setup actually uses):
Find:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
Change it to:
fastcgi_param SERVER_SOFTWARE nginx;
3. Reload the Nginx configuration:
# /etc/init.d/nginx reload
This completely hides the Nginx version number; error pages such as 404 and 501 will no longer show the Nginx version either.
Test it:
[root@bkjz ~]# curl -I www.45it.com
HTTP/1.1 OK
Server: nginx
Date: Tue, 14:26:56 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
......
The server information tool in Firefox can no longer display the Nginx version number either (in fact, this tool detects it the same way the curl command does).
OK, finished.
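The following script is an added example, not part of the original article. It audits the three places the steps above touch: the Server response header, the server_tokens directive, and the SERVER_SOFTWARE FastCGI parameter. The function names, sample files and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the version leaks fixed in steps 1 and 2 above.

# Headers on stdin (e.g. from `curl -sI URL`); 0 if Server shows nginx/<version>.
server_header_leaks_version() {
    tr -d '\r' | grep -Eiq '^server:[[:space:]]*nginx/[0-9]'
}

# 0 if the file has an active (not commented-out) "server_tokens off;" line.
# Assumption: one flat file; include directives are not followed.
has_server_tokens_off() {
    grep -Eq '^[[:space:]]*server_tokens[[:space:]]+off[[:space:]]*;' "$1"
}

# 0 if the FastCGI params file still hands $nginx_version to the backend.
fastcgi_leaks_version() {
    grep -Eq '^[[:space:]]*fastcgi_param[[:space:]]+SERVER_SOFTWARE[[:space:]][^;#]*\$nginx_version' "$1"
}

# audit <nginx.conf> <fastcgi.conf>, response headers on stdin; 0 if clean.
audit() {
    rc=0
    if server_header_leaks_version; then
        echo "LEAK: Server header shows the version"; rc=1
    fi
    if ! has_server_tokens_off "$1"; then
        echo "LEAK: no active server_tokens off; in $1"; rc=1
    fi
    if fastcgi_leaks_version "$2"; then
        echo "LEAK: SERVER_SOFTWARE includes \$nginx_version in $2"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: no version disclosure found"; fi
    return "$rc"
}

# Constructed sample files and headers (not taken from a real server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'http {\n    # server_tokens off;\n}\n' > "$tmp/before.conf"
printf 'http {\n    server_tokens off;\n}\n' > "$tmp/after.conf"
printf 'fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;\n' > "$tmp/fcgi_before.conf"
printf 'fastcgi_param SERVER_SOFTWARE nginx;\n' > "$tmp/fcgi_after.conf"

printf 'HTTP/1.1 200 OK\r\nServer: nginx/0.8.44\r\n\r\n' |
    audit "$tmp/before.conf" "$tmp/fcgi_before.conf" || true
printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n' |
    audit "$tmp/after.conf" "$tmp/fcgi_after.conf"
```

Against a live server, pipe the output of curl -sI for your own site into audit and pass the paths of your own nginx.conf and FastCGI parameter file.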