http://wiki.nginx.org/HttpHeadersMoreModule#Version
headers_more
When you are browsing a website, you can check the type of web server running by retrieving the response server header. For example the following server response return for website http://www.debian-tutorials.com:
HTTP/1.1 200 OK Server: Apache/2.2.22 Date: Mon, 04 Mar 2013 00:43:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.2.17 X-Pingback: http://www.debian-tutorials.com/xmlrpc.php Cache-Control: max-age=7200 Expires: Mon, 04 Mar 2013 02:43:58 GMT Vary: Accept-Encoding
From the information we can know that the web server is running on Apache version 2.2.22.
By using NginX you can personalize and customize your server header to the name that you want. Instead of showing the real web server name which is “nginx“ you can set for users to see the web server name as “my websites webserver“.
In this guide I will show you how to customize server header using NginX headers-more module without compiling again the server.
1. Install Nginx webserver if you don’t have it installed already.
You can use this guide to do it: Setting up Nginx plus PHP FastCGI on Debian 6.0.6 Squeeze
2.Install nginx-extras package.
In Debian Squeeze exists one package called nginx-extras
that contains some standard modules, plus extra features and modules like headers-more-module
and others. You can find more info here: http://packages.debian.org/sid/nginx-extras
Install the nginx-extras
packages like this:
apt-get install nginx-extras
3. Make some changes under http directive to NginX configuration file which located under /etc/nginx/nginx.conf as below:
http { #This is your web server name more_set_headers "Server: Debian-Tutorials.com Web Server"; # Let NGINX get the real client IP for its access logs set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; ## Default log and error files. access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log;
Before you restart the NginX, make sure you check the configuration syntax:
nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
If everything is okay you can restart the web server now:
/etc/init.d/nginx restart [ ok ] Restarting nginx: nginx.
Now you can check the server header and you will notice that your customize web server name has appeared at the “Server” section.
HTTP/1.1 200 OK Server: Debian-Tutorials.com Web Server Date: Mon, 04 Mar 2013 00:43:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.2.17 X-Pingback: http://www.debian-tutorials.com/xmlrpc.php Cache-Control: max-age=7200 Expires: Mon, 04 Mar 2013 02:43:58 GMT Vary: Accept-Encoding
You can optionally add the following lines into NginX configuration file:
more_clear_headers "Content-Type: "; more_clear_headers "Accept-Ranges: "; more_clear_headers "Content-Length: ";
After NginX restart, the full server header will be returned as below:
HTTP/1.1 200 OK Date: Mon, 04 Mar 2013 01:15:32 GMT Last-Modified: Tue, 26 Feb 2013 17:54:58 GMT Connection: keep-alive Keep-Alive: timeout=10 Server: Debian-Tutorials.com Web Server
For more information about more-headers you can check this page:http://wiki.nginx.org/HttpHeadersMoreModule
http://www.debian-tutorials.com/how-to-customize-server-header-using-nginx-headers-more-module
因为通常我们不愿意把服务器所使用的版本信息 服务器web软件信息 返回给用户 这样可以避免很多安全性问题 因为对方无法判断你的web服务器是什么软件 什么版本 也就少了很多入侵的可能性
比如 我们使用 curl -I www.baidu.com
[root@host194 ~]# curl -I www.baidu.com HTTP/1.1 200 OK Date: Mon, 02 Apr 2012 12:20:58 GMT Server: BWS/1.0 Content-Length: 7869 Content-Type: text/html;charset=gb2312 Cache-Control: private Expires: Mon, 02 Apr 2012 12:20:58 GMT Set-Cookie: BAIDUID=015BC91EC78AAA90FAE9AAAF4DF1043F:FG=1; expires=Mon, 02-Apr-42 12:20:58 GMT; path=/; domain=.baidu.com P3P: CP=” OTI DSP COR IVA OUR IND COM ” Connection: Keep-Alive
可以返回百度使用的web服务器为 BWS/1.0 因为这个是他们自己开发定制的 全称为Baidu Web Service 版本为1.0
那么如何修改掉这个header头呢? 我们以Nginx为例 先安装nginx的依赖包
yum install -y lynx pcre* openssl* zlib*
在安装 nginx 我们以编译方式安装
$ cd /usr/local/src $ wget http://nginx.org/download/nginx-1.0.13.tar.gz $ tar -xzf nginx-1.0.13.tar.gz $ cd nginx-* $ ./configure $ make $ make install
接着在下载 NginX headers-more 模块 开源官方网站为 https://github.com/agentzh/headers-more-nginx-module
$ cd /usr/local/src $ lynx https://github.com/agentzh/headers-more-nginx-module/zipball/v0.17rc1
把解压的文件移动到nginx的MOD目录
$ mkdir /usr/local/nginx/mod $ unzip agentzh-headers-more-nginx-module-v0.17rc1-0-g3580526.zip $ mv agentzh-headers-more-nginx-module-3580526 headers-more $ mv headers-more /usr/local/nginx/mod
重新在编译一次 注意这个时候需要指定模块 否则无法自动编译
$ cd /usr/local/src/nginx* $ ./configure –add-module=/usr/local/nginx/mod/headers-more/ $ make $ make install
现在我们添加一个虚拟主机
$ useradd -m mywebs $ mkdir /home/mywebs/public_html | mkdir /home/mywebs/logs $ touch /home/mywebs/logs/access_log | touch /home/mywebs/logs/error_log $ chown mywebs.mywebs * -R $ chmod 755 /home/mywebs
nginx.conf 的配置文件为
user nobody; worker_processes 1;
error_log logs/error.log info;
events { worker_connections 1024; }
http { #下面第一条就是你的web服务器名字 可以直接修改 more_set_headers “Server: HostSoft Web Server”; server_names_hash_max_size 2048; include mime.types; default_type application/octet-stream;
log_format main ‘$remote_addr – $remote_user [$time_local] $status ‘ ‘”$request” $body_bytes_sent “$http_referer” ‘ ‘”$http_user_agent” “$http_x_forwarded_for”‘;
sendfile on; tcp_nopush on;
keepalive_timeout 10;
gzip on;
server {
# this is your access logs location access_log /home/mywebs/logs/access_log; # this is your error logs location error_log /home/mywebs/logs/error_log warn; listen 80; # change to your domain server_name mywebserver.net www.mywebserver.net;
location / { # this is your public_html directory root /home/mywebs/public_html; index index.html index.htm; } } }
好了 现在我们先测试下配置文件是不是正确
/usr/local/nginx/sbin/nginx -t
然后在启动
/usr/local/nginx/sbin/nginx
这个时候使用 curl -I www.你的域名.com 测试 返回
Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Content-Length: 23 Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server Content-Type: text/html Accept-Ranges: bytes
改了吧?
我们还可以设置
more_clear_headers “Content-Type: “; more_clear_headers “Accept-Ranges: “; more_clear_headers “Content-Length: “;
这样就不会返回这些信息了 返回的 应该是
Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server
来源:https://www.cnblogs.com/hubing/p/3754158.html