1.nginx.conf配置文件基本参数优化
?? 1.1 隐藏nginx header内版本号信息
? ? ? ? ? ?? 一些特定的系统及服务漏洞一般都和特定的软件版本号有关,我们应尽量隐藏服务器的敏感信息(软件名称及版本等信息),这样黑客无法猜到有漏洞的服务是否是对应服务的版本,从而确保web服务最大的安全。
? ? ?[[email?protected] ~]# curl -I 192.168.0.102
? ?? HTTP/1.1 200 OK
? ?? Server: nginx/1.6.2? --优化隐藏这个版本号
? ? ? Date: Fri,14 Jun 2019 08:25:07 GMT
? ? ? Content-Type: text/html
? ? ? Connection: keep-alive
? ?? X-Powered-By: PHP/5.3.27
配置参数如下:
?[[email?protected] ~]# cat /application/nginx/conf/nginx.conf?
worker_processes? 1;
events {
??? worker_connections? 1024;
}
http {
??? server_tokens off;
??? include?????? mime.types;
??? default_type? application/octet-stream;
??? sendfile??????? on;
??? keepalive_timeout? 65;
???
??? include extra/www.conf;
?? # include extra/bbs.conf;
??? }
测试:
? ???? }
[[email?protected] ~]# /application/nginx/sbin/nginx -s reload
[[email?protected] ~]# curl -I 192.168.0.102?????????????????
HTTP/1.1 200 OK
Server: nginx? --版本消失Date: Fri,14 Jun 2019 08:39:15 GMTContent-Type: text/htmlConnection: keep-alive
