信息泄露类型:HTTP服务器响应头Server字段信息泄露
示例:
解决:
需要重新对nginx编译安装:
[root@localhost ~]# tar zxvf nginx-1.8.1.tar.gz
进入nginx目录,修改src/http/ngx_http_header_filter_module.c:
[root@localhost nginx-1.8.1]# vim src/http/ngx_http_header_filter_module.c
修改:
内容:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF; 更改为:
static char ngx_http_server_string[] = "Server: X-Web" CRLF;
static char ngx_http_server_full_string[] = "Server:X-Web " CRLF;
编译安装:
[root@localhost nginx-1.8.1]# ./configure --prefix=/data/nginx --with-http_stub_status_module
[root@localhost nginx-1.8.1]# make && make install
重启nginx:
[root@localhost sbin]# service nginx restart
验证:
