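Information disclosure type: the Server field in the HTTP server's response headers discloses server information
Example:
Solution:
nginx needs to be recompiled and reinstalled: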
[root@localhost ~]# tar zxvf nginx-1.8.1.tar.gz
Enter the nginx directory and edit src/http/ngx_http_header_filter_module.c:
[root@localhost nginx-1.8.1]# vim src/http/ngx_http_header_filter_module.c
Change:
Original:
static char ngx_http_server_string[] = "Server: nginx" CRLF;             /* sent when server_tokens is off */
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;   /* sent when server_tokens is on */
Change to:
static char ngx_http_server_string[] = "Server: X-Web" CRLF;
static char ngx_http_server_full_string[] = "Server: X-Web" CRLF;
Compile and install:
[root@localhost nginx-1.8.1]# ./configure --prefix=/data/nginx --with-http_stub_status_module
[root@localhost nginx-1.8.1]# make && make install
Restart nginx:
[root@localhost sbin]# service nginx restart
Verification:
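One way to check the result after the restart, as an added example that is not part of the original page: the function below reads raw response headers and reports whether the Server field still names nginx. The function name classify_server_header, the sample responses and the address in the last comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). classify_server_header is a
# hypothetical helper name; the sample responses below are constructed.
# Reads raw HTTP response headers on stdin and prints one of:
#   absent | version:<value> | product:<value> | custom:<value>
classify_server_header() {
    # Drop CRs, look only at the header block (up to the first blank line),
    # match the field name case-insensitively, trim blanks around the value.
    _srv=$(tr -d '\r' | awk '
        $0 == "" { in_body = 1 }
        !in_body && !found && tolower(substr($0, 1, 7)) == "server:" {
            v = substr($0, 8)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            found = 1
        }
        END { if (!found) print "__ABSENT__" }')
    case "$_srv" in
        __ABSENT__)                    echo "absent" ;;
        *[Nn][Gg][Ii][Nn][Xx]/[0-9]*)  echo "version:$_srv" ;;  # product and version leak
        *[Nn][Gg][Ii][Nn][Xx]*)        echo "product:$_srv" ;;  # product name still leaks
        *)                             echo "custom:$_srv" ;;   # e.g. the patched X-Web string
    esac
}

# Constructed responses: a stock build and the rebuilt binary from this page.
printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.8.1\r\n\r\n' | classify_server_header
printf 'HTTP/1.1 200 OK\r\nServer: X-Web\r\n\r\n'       | classify_server_header

# Against the live server (address is a placeholder):
#   curl -sI http://127.0.0.1/ | classify_server_header
```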