标签:nginx安全
1.隐藏版本号和server信息
[root@node1 nginx-1.8.0]# vim src/core/nginx.h
#define NGINX_VERSION ""
#define NGINX_VER "tingyun/" NGINX_VERSION
#define NGINX_VAR "tingyun"
[root@node1 nginx-1.8.0]# vim src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[] = "" CRLF;
static char ngx_http_server_full_string[] = "" NGINX_VER CRLF;
[root@node1 nginx-1.8.0]# vim src/http/ngx_http_special_response.c
"<hr><center>tingyun</center>" CRLF
[root@node1 nginx-1.8.0]# ./configure --prefix=/usr/local/nginx-1.8.0 --with-file-aio --with-poll_module --with-pcre --without-http_autoindex_module --without-http_ssi_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module
[root@node1 nginx-1.8.0]# make && make install
2.下载安装modsecurity安全模块
[root@node1 ~]# yum install libtool httpd-devel libevent libevent-devel library-devel -y
[root@node1 ~]# tar xvf ModSecurity-2.9.0.tar.gz
[root@node1 ModSecurity-2.9.0]# ./configure --enable-standalone-module --disable-mlogc
[root@node1 ModSecurity-2.9.0]# make
[root@node1 nginx-1.8.0]# ./configure --prefix=/usr/local/nginx-1.8.0 --with-file-aio --with-poll_module --with-pcre --without-http_autoindex_module --without-http_ssi_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --add-module=/root/ModSecurity-2.9.0/nginx/modsecurity/
[root@node1 nginx-1.8.0]# make && make install
本文出自 “一起走过的日子” 博客,请务必保留此出处http://tongcheng.blog.51cto.com/6214144/1718132
标签:nginx安全
原文地址:http://tongcheng.blog.51cto.com/6214144/1718132
