安全优化-隐藏版本号server_tokens
Syntax: server_tokens on | off | build | string;
Default: server_tokens on;
Context: http, server, location
在主配置文件nginx.conf、虚拟主机的配置文件中配置,选一个配置即可
官方文档地址:http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
在主配置文件nginx.conf加入
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| [root@web01 conf]# cat /application/nginx/conf/nginx.conf
worker_processes 2;
error_log logs/error.log;
#配置Nginx worker进程最大打开文件数
worker_rlimit_nofile 65535;
user www www;
events {
#单个进程允许的客户端最大连接数
worker_connections 20480;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#访问日志配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#虚拟主机
include /application/nginx/conf/extra/www.conf;
include /application/nginx/conf/extra/blog.conf;
include /application/nginx/conf/extra/bbs.conf;
include /application/nginx/conf/extra/edu.conf;
include /application/nginx/conf/extra/phpmyadmin.conf;
include /application/nginx/conf/extra/status.conf;
#隐藏版本号
server_tokens off;
}
|
在虚拟主机的配置文件中添加
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| [root@web01 conf]# cat /application/nginx/conf/extra/www.conf
server {
listen 80;
server_name www.abc.com;
rewrite ^(.*)$ https:
}
server {
listen 443;
server_name www.abc.com;
#https证书
ssl on;
ssl_certificate /application/nginx/conf/key/server.crt;
ssl_certificate_key /application/nginx/conf/key/server.key;
#访问日志
access_log logs/access_www.log main buffer=32k flush=5s;
location / {
root html/www;
index index.php index.html index.htm;
}
#隐藏版本号
server_tokens off;
#php解析
location ~ .*\.(php|php5)?$ {
root html/www;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
|
on 的状态:
off的状态:
