How to Customize Server Header using NginX headers-more module

时间:2022-12-31 14:48:31

http://wiki.nginx.org/HttpHeadersMoreModule#Version

headers_more

When you are browsing a website, you can check the type of web server running by retrieving the response server header. For example the following server response return for website http://www.debian-tutorials.com:

HTTP/1.1  OK

Server: Apache/2.2.

Date: Mon,  Mar  :: GMT

Content-Type: text/html; charset=UTF-

Connection: keep-alive

X-Powered-By: PHP/5.2.

X-Pingback: http://www.debian-tutorials.com/xmlrpc.php

Cache-Control: max-age=

Expires: Mon,  Mar  :: GMT

Vary: Accept-Encoding

From the information we can know that the web server is running on Apache version 2.2.22.

By using NginX you can personalize and customize your server header to the name that you want. Instead of showing the real web server name which is “nginx“  you can set for users to see the web server name as “my websites webserver“.

In this guide I will show you how to  customize server header using NginX headers-more module without compiling again the server.

1. Install Nginx webserver if you don’t have it installed already.

You can use this guide to do it: Setting up Nginx plus PHP FastCGI on Debian 6.0.6 Squeeze

2.Install nginx-extras package.

In Debian Squeeze exists one package called nginx-extras that contains some standard modules, plus extra features and modules like headers-more-module and others. You can find more info here: http://packages.debian.org/sid/nginx-extras

Install the nginx-extras packages like this:

apt-get install nginx-extras

3. Make some changes under  http directive to NginX configuration file which located under /etc/nginx/nginx.conf as below:

http {

#This is your web server name

more_set_headers "Server: Debian-Tutorials.com Web Server";

# Let NGINX get the real client IP for its access logs

set_real_ip_from 127.0.0.1;

real_ip_header X-Forwarded-For;

## Default log and error files.

access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;

Before you restart the NginX, make sure you check the configuration syntax:

nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is okay you can restart the web server now:

/etc/init.d/nginx restart

[ ok ] Restarting nginx: nginx.

Now you can check the server header and you will notice that your customize web server name has appeared at the “Server” section.

HTTP/1.1  OK

Server: Debian-Tutorials.com Web Server

Date: Mon,  Mar  :: GMT

Content-Type: text/html; charset=UTF-

Connection: keep-alive

X-Powered-By: PHP/5.2.

X-Pingback: http://www.debian-tutorials.com/xmlrpc.php

Cache-Control: max-age=

Expires: Mon,  Mar  :: GMT

Vary: Accept-Encoding

You can optionally add the following lines into NginX configuration file:

more_clear_headers   "Content-Type: ";

more_clear_headers   "Accept-Ranges: ";

more_clear_headers   "Content-Length: ";

After NginX restart, the full server header will be returned as below:

HTTP/1.1  OK

Date: Mon,  Mar  :: GMT

Last-Modified: Tue,  Feb  :: GMT

Connection: keep-alive

Keep-Alive: timeout=

Server: Debian-Tutorials.com Web Server

For more information about more-headers you can check this page:http://wiki.nginx.org/HttpHeadersMoreModule

http://www.debian-tutorials.com/how-to-customize-server-header-using-nginx-headers-more-module

http://www.hostsoft.cn/blog/2012/04/02/ding-zhi-NGINX-de-Header-fan-hui-xin-xi-Nginx-an-quan-jiao-cheng/

因为通常我们不愿意把服务器所使用的版本信息 服务器web软件信息 返回给用户 这样可以避免很多安全性问题 因为对方无法判断你的web服务器是什么软件 什么版本 也就少了很多入侵的可能性

比如 我们使用 curl -I www.baidu.com

[root@host194 ~]# curl -I www.baidu.com HTTP/1.1 200 OK Date: Mon, 02 Apr 2012 12:20:58 GMT Server: BWS/1.0 Content-Length: 7869 Content-Type: text/html;charset=gb2312 Cache-Control: private Expires: Mon, 02 Apr 2012 12:20:58 GMT Set-Cookie: BAIDUID=015BC91EC78AAA90FAE9AAAF4DF1043F:FG=1; expires=Mon, 02-Apr-42 12:20:58 GMT; path=/; domain=.baidu.com P3P: CP=” OTI DSP COR IVA OUR IND COM ” Connection: Keep-Alive

可以返回百度使用的web服务器为 BWS/1.0 因为这个是他们自己开发定制的 全称为Baidu Web Service 版本为1.0

那么如何修改掉这个header头呢? 我们以Nginx为例 先安装nginx的依赖包

yum install -y lynx pcre* openssl* zlib*

在安装 nginx 我们以编译方式安装

$ cd /usr/local/src $ wget http://nginx.org/download/nginx-1.0.13.tar.gz $ tar -xzf nginx-1.0.13.tar.gz $ cd nginx-* $ ./configure $ make $ make install

接着在下载 NginX headers-more 模块 开源官方网站为 https://github.com/agentzh/headers-more-nginx-module

$ cd /usr/local/src $ lynx https://github.com/agentzh/headers-more-nginx-module/zipball/v0.17rc1

把解压的文件移动到nginx的MOD目录

$ mkdir /usr/local/nginx/mod $ unzip agentzh-headers-more-nginx-module-v0.17rc1-0-g3580526.zip $ mv agentzh-headers-more-nginx-module-3580526 headers-more $ mv headers-more /usr/local/nginx/mod

重新在编译一次 注意这个时候需要指定模块 否则无法自动编译

$ cd /usr/local/src/nginx* $ ./configure –add-module=/usr/local/nginx/mod/headers-more/ $ make $ make install

现在我们添加一个虚拟主机

$ useradd -m mywebs $ mkdir /home/mywebs/public_html | mkdir /home/mywebs/logs $ touch /home/mywebs/logs/access_log | touch /home/mywebs/logs/error_log $ chown mywebs.mywebs * -R $ chmod 755 /home/mywebs

nginx.conf 的配置文件为

user nobody; worker_processes 1;

error_log logs/error.log info;

events { worker_connections 1024; }

http { #下面第一条就是你的web服务器名字 可以直接修改 more_set_headers “Server: HostSoft Web Server”; server_names_hash_max_size 2048; include mime.types; default_type application/octet-stream;

log_format main ‘$remote_addr – $remote_user [$time_local] $status ‘ ‘”$request” $body_bytes_sent “$http_referer” ‘ ‘”$http_user_agent” “$http_x_forwarded_for”‘;

sendfile on; tcp_nopush on;

keepalive_timeout 10;

gzip on;

server {

# this is your access logs location access_log /home/mywebs/logs/access_log; # this is your error logs location error_log /home/mywebs/logs/error_log warn; listen 80; # change to your domain server_name mywebserver.net www.mywebserver.net;

location / { # this is your public_html directory root /home/mywebs/public_html; index index.html index.htm; } } }

好了 现在我们先测试下配置文件是不是正确

/usr/local/nginx/sbin/nginx -t

然后在启动

/usr/local/nginx/sbin/nginx

这个时候使用 curl -I www.你的域名.com 测试 返回

Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Content-Length: 23 Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server Content-Type: text/html Accept-Ranges: bytes

改了吧?

我们还可以设置

more_clear_headers “Content-Type: “; more_clear_headers “Accept-Ranges: “; more_clear_headers “Content-Length: “;

这样就不会返回这些信息了 返回的 应该是

Date: Tue, 13 Mar 2012 04:50:14 GMT Connection: keep-alive Last-Modified: Tue, 13 Mar 2012 04:29:33 GMT Server: HostSoft Web Server

How to Customize Server Header using NginX headers-more module的更多相关文章

  1. Angular2+ 使用 Protractor 与 Modify Header Value (HTTP Headers) 插件 完成 Windows Authorization 验证

    入职新公司第二周,接到了一个E2E测试的任务,两天的时间把所有的测试条件都写完了,结果剩下三天都卡在了Windows Authorization验证这里. 先说一下公司项目Authorize的逻辑 第 ...

  2. 火狐添加消息头 Modify Header Value (HTTP Headers)

    火狐浏览器添加组件 : Modify Header Value (HTTP Headers)

  3. [nginx]nginx的一个奇葩问题 500 Internal Server Error phpstudy2018 nginx虚拟主机配置 fastadmin常见问题处理

    [nginx]nginx的一个奇葩问题 500 Internal Server Error 解决方案 nginx 一直报500 Internal Server Error 错误,配置是通过phpstu ...

  4. Nginx - HTTP Configuration, Module Directives

    Socket and Host Configuration This set of directives will allow you to configure your virtual hosts. ...

  5. ubuntu 12.04 server编译安装nginx

    tar -xvf zlib-1.2.8.tar.gz cd zlib-1.2.8 ./config make make install above is for zlib(refers http:// ...

  6. ubuntu server编译安装nginx

    刚刚安装好了ubuntu server14.04,如今要安装一个webserver,纯静态就用nginx应用程序server吧,性能出众啊. 安装编译环境 我们这里採用源代码编译安装的方式,大家能够看 ...

  7. windows server 2008使用nginx转发API异常解决办法

    公司比较传统,一直使用的JSP做项目,没有遇到过跨域问题. 最近因为公司接到一个微信spa项目,因为考虑到项目需要调用老接口,斗胆选择nginx(1.12.1)做接口转发服务, 开发环境使用的win1 ...

  8. Web Server 分布式服务: Nginx负载均衡

    Nginx是一款轻量级的Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器.由俄罗斯的程序设计师Igor Sysoev所开发,供俄国大型的入口网站及搜索引擎Rambler使用.其 ...

  9. Nginx - HTTP Configuration, Module Variables

    The HTTP Core module introduces a large set of variables that you can use within the value of direct ...

随机推荐

  1. 第 18 章 CSS 表格与列表

    学习要点: 1.表格样式 2.列表样式 3.其他功能 主讲教师:李炎恢 本章主要探讨 HTML5 中 CSS 表格和列表,通过表格和列表的样式设置,让表格和列表显示更加多元化. 一.表格样式 表格有五 ...

  2. [CareerCup] 8.4 Parking Lot 停车场问题

    8.4 Design a parking lot using object-oriented principles. LintCode上的原题,请参见我的另一篇博客Parking Lot 停车场问题. ...

  3. bzoj 1053: [HAOI2007]反素数ant 搜索

    1053: [HAOI2007]反素数ant Time Limit: 10 Sec  Memory Limit: 162 MBSubmit: 1497  Solved: 821[Submit][Sta ...

  4. JQuery解析XML数据的几个例子

    用JavaScript解析XML数据是常见的编程任务,JavaScript能做的,JQuery当然也能做.下面我们来总结几个使用JQuery解析XML的例子. 第一种方案: <script ty ...

  5. POJ 1155 树形背包&lpar;DP&rpar; TELE

    题目链接:  POJ 1155 TELE 分析:  用dp[i][j]表示在结点i下最j个用户公司的收益, 做为背包处理.        dp[cnt][i+j] = max( dp[cnt][i+j ...

  6. Symmetry(对称轴存在问题)

    Symmetry Time Limit:3000MS     Memory Limit:0KB     64bit IO Format:%lld & %llu Description   Th ...

  7. 安装psutil模块报错&amp&semi;安装python-devel

    psutil/_psutil_linux.c:9:20: 错误:Python.h:没有那个文件或目录 In file included from psutil/_psutil_linux.c:19:p ...

  8. Babel指南——基本环境搭建

    ECMAScript的现状 ECMAScript,本身是一个脚本语言的设计规范,基于此规范,有许多为人熟知的语言,如JavaScript.ActionScript等.而时至几年前,随着Node.js的 ...

  9. devexpress entity framework 与 asp&period;net mvc的坑

    最近在做一个使用ASP.NET MVC DEVEXPRESS和EF的OA模块 遇到不少问题这里记录一下: 1 如果项目中存在多个上下文类(DBContext的派生类),在做数据迁移的时候需要在不同目录 ...

  10. Oracle数据类型与&period;NET中的对应关系

    Oracle连接添加的引用不同,会存在数据类型不同以及其他一些差别,就工作中遇到的问题暂时总结下. 两种不同的添加引用语句: (1)System.Data.OracleClient; (2)Oracl ...

相关文章