nginx安全

餘二五發表於2017-11-24

1.隱藏版本號和server資訊

[root@node1 nginx-1.8.0]# vim src/core/nginx.h 

#define NGINX_VERSION       “”

#define NGINX_VER          “tingyun/” NGINX_VERSION

#define NGINX_VAR          “tingyun

[root@node1 nginx-1.8.0]# vim src/http/ngx_http_header_filter_module.c 

static char ngx_http_server_string[] = “” CRLF;

static char ngx_http_server_full_string[] = “” NGINX_VER CRLF;

[root@node1 nginx-1.8.0]# vim src/http/ngx_http_special_response.c 

“<hr><center>tingyun</center>” CRLF

[root@node1 nginx-1.8.0]# ./configure  –prefix=/usr/local/nginx-1.8.0  –with-file-aio  –with-poll_module  –with-pcre  –without-http_autoindex_module  –without-http_ssi_module  –without-mail_pop3_module  –without-mail_smtp_module  –without-mail_imap_module

[root@node1 nginx-1.8.0]# make && make install


2.下載安裝modsecurity安全模組

[root@node1 ~]# yum install libtool httpd-devel libevent libevent-devel library-devel -y

[root@node1 ~]# tar xvf ModSecurity-2.9.0.tar.gz 

[root@node1 ModSecurity-2.9.0]# ./configure –enable-standalone-module –disable-mlogc

[root@node1 ModSecurity-2.9.0]# make

[root@node1 nginx-1.8.0]# ./configure  –prefix=/usr/local/nginx-1.8.0  –with-file-aio  –with-poll_module  –with-pcre  –without-http_autoindex_module  –without-http_ssi_module  –without-mail_pop3_module  –without-mail_smtp_module  –without-mail_imap_module –add-module=/root/ModSecurity-2.9.0/nginx/modsecurity/

[root@node1 nginx-1.8.0]# make && make install

本文轉自 z597011036 51CTO部落格,原文連結:http://blog.51cto.com/tongcheng/1718132,如需轉載請自行聯絡原作者


相關文章