How to Customize Server Header using NginX headers-more module

感情迁移 提交于 2020-02-13 12:05:58

http://wiki.nginx.org/HttpHeadersMoreModule#Version

headers_more

 

 

When you are browsing a website, you can check the type of web server running by retrieving the response server header. For example the following server response return for website http://www.debian-tutorials.com:

 

HTTP/1.1 200 OK
Server: Apache/2.2.22
Date: Mon, 04 Mar 2013 00:43:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
X-Pingback: http://www.debian-tutorials.com/xmlrpc.php
Cache-Control: max-age=7200
Expires: Mon, 04 Mar 2013 02:43:58 GMT
Vary: Accept-Encoding

 

From the information we can know that the web server is running on Apache version 2.2.22.

By using NginX you can personalize and customize your server header to the name that you want. Instead of showing the real web server name which is “nginx“  you can set for users to see the web server name as “my websites webserver“.

In this guide I will show you how to  customize server header using NginX headers-more module without compiling again the server.

1. Install Nginx webserver if you don’t have it installed already.

You can use this guide to do it: Setting up Nginx plus PHP FastCGI on Debian 6.0.6 Squeeze

2.Install nginx-extras package.

In Debian Squeeze exists one package called nginx-extras that contains some standard modules, plus extra features and modules like headers-more-module and others. You can find more info here: http://packages.debian.org/sid/nginx-extras

Install the nginx-extras packages like this:

apt-get install nginx-extras

 

3. Make some changes under  http directive to NginX configuration file which located under /etc/nginx/nginx.conf as below:

 

http {
#This is your web server name
more_set_headers "Server: Debian-Tutorials.com Web Server";

# Let NGINX get the real client IP for its access logs
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;

## Default log and error files.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Before you restart the NginX, make sure you check the configuration syntax:

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is okay you can restart the web server now:

 

/etc/init.d/nginx restart
[ ok ] Restarting nginx: nginx.

Now you can check the server header and you will notice that your customize web server name has appeared at the “Server” section.

HTTP/1.1 200 OK
Server: Debian-Tutorials.com Web Server
Date: Mon, 04 Mar 2013 00:43:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
X-Pingback: http://www.debian-tutorials.com/xmlrpc.php
Cache-Control: max-age=7200
Expires: Mon, 04 Mar 2013 02:43:58 GMT
Vary: Accept-Encoding

You can optionally add the following lines into NginX configuration file:

 

more_clear_headers   "Content-Type: ";
more_clear_headers   "Accept-Ranges: ";
more_clear_headers   "Content-Length: ";

After NginX restart, the full server header will be returned as below:

HTTP/1.1 200 OK
Date: Mon, 04 Mar 2013 01:15:32 GMT
Last-Modified: Tue, 26 Feb 2013 17:54:58 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Server: Debian-Tutorials.com Web Server

For more information about more-headers you can check this page:http://wiki.nginx.org/HttpHeadersMoreModule

http://www.debian-tutorials.com/how-to-customize-server-header-using-nginx-headers-more-module

 

 http://www.hostsoft.cn/blog/2012/04/02/ding-zhi-NGINX-de-Header-fan-hui-xin-xi-Nginx-an-quan-jiao-cheng/

 

因为通常我们不愿意把服务器所使用的版本信息 服务器web软件信息 返回给用户 这样可以避免很多安全性问题 因为对方无法判断你的web服务器是什么软件 什么版本 也就少了很多入侵的可能性

比如 我们使用 curl -I www.baidu.com

[root@host194 ~]# curl -I www.baidu.com HTTP/1.1 200 OK Date: Mon, 02 Apr 2012 12:20:58 GMT Server: BWS/1.0 Content-Length: 7869 Content-Type: text/html;charset=gb2312 Cache-Control: private Expires: Mon, 02 Apr 2012 12:20:58 GMT Set-Cookie: BAIDUID=015BC91EC78AAA90FAE9AAAF4DF1043F:FG=1; expires=Mon, 02-Apr-42 12:20:58 GMT; path=/; domain=.baidu.com P3P: CP=” OTI DSP COR IVA OUR IND COM ” Connection: Keep-Alive

可以返回百度使用的web服务器为 BWS/1.0 因为这个是他们自己开发定制的 全称为Baidu Web Service 版本为1.0

那么如何修改掉这个header头呢? 我们以Nginx为例 先安装nginx的依赖包

yum install -y lynx pcre* openssl* zlib*

在安装 nginx 我们以编译方式安装

$ cd /usr/local/src $ wget http://nginx.org/download/nginx-1.0.13.tar.gz $ tar -xzf nginx-1.0.13.tar.gz $ cd nginx-* $ ./configure $ make $ make install

接着在下载 NginX headers-more 模块 开源官方网站为 https://github.com/agentzh/headers-more-nginx-module

$ cd /usr/local/src $ lynx https://github.com/agentzh/headers-more-nginx-module/zipball/v0.17rc1

把解压的文件移动到nginx的MOD目录

$ mkdir /usr/local/nginx/mod $ unzip agentzh-headers-more-nginx-module-v0.17rc1-0-g3580526.zip $ mv agentzh-headers-more-nginx-module-3580526 headers-more $ mv headers-more /usr/local/nginx/mod

重新在编译一次 注意这个时候需要指定模块 否则无法自动编译

$ cd /usr/local/src/nginx* $ ./configure –add-module=/usr/local/nginx/mod/headers-more/ $ make $ make install

现在我们添加一个虚拟主机

$ useradd -m mywebs $ mkdir /home/mywebs/public_html | mkdir /home/mywebs/logs $ touch /home/mywebs/logs/access_log | touch /home/mywebs/logs/error_log $ chown mywebs.mywebs * -R $ chmod 755 /home/mywebs

nginx.conf 的配置文件为

user nobody; worker_processes 1;

error_log logs/error.log info;

events { worker_connections 1024; }

http { #下面第一条就是你的web服务器名字 可以直接修改 more_set_headers “Server: HostSoft Web Server”; server_names_hash_max_size 2048; include mime.types; default_type application/octet-stream;

log_format main ‘$remote_addr – $remote_user [$time_local] $status ‘ ‘”$request” $body_bytes_sent “$http_referer” ‘ ‘”$http_user_agent” “$http_x_forwarded_for”‘;

sendfile on; tcp_nopush on;

keepalive_timeout 10;

gzip on;

server {

# this is your access logs location access_log /home/mywebs/logs/access_log; # this is your error logs location error_log /home/mywebs/logs/error_log warn; listen 80; # change to your domain server_name mywebserver.net www.mywebserver.net;

location / { # this is your public_html directory root /home/mywebs/public_html; index index.html index.htm; } } }

好了 现在我们先测试下配置文件是不是正确

/usr/local/nginx/sbin/nginx -t

然后在启动

/usr/local/nginx/sbin/nginx

这个时候使用 curl -I www.你的域名.com 测试 返回

Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Content-Length: 23 Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server Content-Type: text/html Accept-Ranges: bytes

改了吧?

我们还可以设置

more_clear_headers “Content-Type: “; more_clear_headers “Accept-Ranges: “; more_clear_headers “Content-Length: “;

这样就不会返回这些信息了 返回的 应该是

Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server

 

 

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!