Simply modify the basic header to make the server more secure

Source: Internet
Author: User

Today, the response headers returned by a server often contain information like this:

Server: nginx/1.4.0
X-Powered-By: PHP/5.5.1
Content-Encoding: gzip

The first line shows the web server in use and its version number.
The second line shows the scripting language and its version number.
The third line shows that the response is compressed with gzip.

Security issue:
The first two headers expose the server's version information. If a bug is found in that release, the server's vulnerabilities are exposed.

Disable Nginx version display
Nginx displays a conspicuous version number in the HTTP header and on error pages.
To improve security, you can disable this information.
The method is simple. You only need to add the server_tokens parameter to the http {} block of nginx.conf.
For example:

    http {
        include       mime.types;
        default_type  application/octet-stream;
        server_tokens off;    # disable version display
        client_header_timeout 3m;
        client_body_timeout   3m;
        send_timeout          3m;
        # ...
    }

Reload the web server:

    nginx -s reload

Note: This is a reload, not a restart!
The test results using the curl tool are as follows:

    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Fri, 11 Dec 2009 01:47:53 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Keep-Alive: timeout=20
    Location: http://levi.cg.am/



Disable PHP X-Powered-By information
Modify the php.ini file and set:

    expose_php = Off

Restart the PHP service:

    php-fpm restart
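
To confirm that both settings above (server_tokens off and expose_php = Off) took effect, the following added example, which is not part of the original article, checks raw response headers for remaining version disclosure. The function names and the "LEAK" output format are assumptions; the sample inputs are constructed from the headers quoted on this page.

```bash
#!/usr/bin/env bash
# Added example: flag response headers that still disclose software versions.
# Reads raw header text on stdin, e.g. the output of: curl -sI http://your-host/

leaky_headers() {
    # Prints "LEAK <header>" per finding; exit status is 1 if anything leaked.
    awk '
        { sub(/\r$/, "") }                      # strip the CR of CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)            # header name
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value) # header value
        }
        # Server header with a "/<digit>" version token: server_tokens is still on
        name == "server" && value ~ /\/[0-9]/ { print "LEAK " $0; bad = 1 }
        # Any X-Powered-By header: expose_php is still On
        name == "x-powered-by"                { print "LEAK " $0; bad = 1 }
        END { exit bad }
    '
}

# Constructed sample: the three headers quoted at the top of the page
# (the status line is an assumption added to make a complete response).
before_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.4.0\r\n'
    printf 'X-Powered-By: PHP/5.5.1\r\nContent-Encoding: gzip\r\n\r\n'
}

# Constructed sample: the curl result shown on the page after server_tokens off.
after_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Date: Fri, 11 Dec 2009 01:47:53 GMT\r\nContent-Type: text/html\r\n'
    printf 'Content-Length: 178\r\nConnection: keep-alive\r\n'
    printf 'Keep-Alive: timeout=20\r\nLocation: http://levi.cg.am/\r\n\r\n'
}

before_headers | leaky_headers || echo "before: version disclosure found"
after_headers  | leaky_headers && echo "after: no version disclosure"
```

Against a live server, pipe the headers in directly, for example curl -sI http://your-host/ | leaky_headers, where your-host is a placeholder.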

Disable gzip output
This is a question.

I wrote PHP code that flushes output without buffering, but it does not work when nginx has gzip compression enabled. How can I set PHP to disable gzip output on the current page?

I tried to disable it with a php.ini setting:

    ini_set('zlib.output_compression', 'off');

I think it may be because my gzip output is set through nginx.

Of course, you cannot use nginx to disable gzip for the whole site. I only want to disable gzip for the current page, so I can only disable gzip compression through header output:

    header('Content-Encoding: none' . PHP_EOL);
