Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Camouflage Nginx Web server version to prevent invasion     - J2EE Example of Filter (Programming)

- Safety testing Unix and Linux server entry succinctly (Linux)

- IOwait Linux system monitoring diagnostic tools (Linux)

- Linux can modify the maximum number of open files (Linux)

- Servlet life cycle works (Programming)

- C ++ Supplements - References (Lvalue Reference, Rvalue Reference) (Linux)

- Linux environment password security settings (Linux)

- Oracle SQL statement tracking (Database)

- Ubuntu 14.04 LTS 64-bit install GNS3 1.3.7 (Linux)

- How to use Git to upload code to GitHub project (Linux)

- View processes and threads under Linux (Linux)

- Port is not being used, how will bind failure? (Server)

- Linux character device - user mode and kernel mode data transfer data (Linux)

- Installation Elementary OS Freya 20 things to do (Linux)

- Windows7 / 8 / 8.1 hard drive to install Ubuntu 14.04 dual system (Linux)

- How to view the Linux QPS (Linux)

- Using Oracle for Oracle GoldenGate to achieve a one-way data synchronization (Database)

- Redhat 7 modify the default run level method --RHEL7 use systemd to create a symbolic link to the default runlevel (Linux)

- Postgres-X2 deployment steps (Database)

- How to use Xmanager Remote Desktop and VNC Log (Linux)

 
         
  Camouflage Nginx Web server version to prevent invasion
     
  Add Date : 2018-11-21      
         
         
         
  In order to prevent hackers to scan web server information corresponding to the web server through the information to find the corresponding version of the loopholes, and thus the web server intrusion, nginx Although powerful, but also the software, the software may be vulnerable, for example nginx- 0.6.32 version, by default may lead to server errors any type of file to parse PHP manner, such as Trojan upload a jpg format to the forum site, through loopholes parsed into a phpshell, thereby obtaining permissions intrusion server, this will cause serious security problems, so that hackers can capture the nginx server support php. If the storm drain nginx version and the version and security vulnerabilities so your web server is certainly at stake.

Directed to nginx server, you can modify the source code in the header on nginx description below to nginx-1.2.0 version, for example.

[Root @ www nginx-1.2.0] # cd src / core /
[Root @ www core] # vim nginx.h ------- edit nginx.h file
/ *
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
* /
#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_
#define nginx_version 1002000
#define NGINX_VERSION "2.2.2" // default to 1.2.0
#define NGINX_VER "Apache /" NGINX_VERSION // default Nginx
#define NGINX_VAR "NGINX"
#define NGX_OLDPID_EXT ".oldbin"
#endif / * _NGINX_H_INCLUDED_ * /
Then compiled normally complete the installation.

Test results

Use nmap scan host

Get http request information using curl

Or visit a URL that does not exist can also see the effect

You can see whether or request for information on the website http packets with nmap scan host access requests using curl or even a nonexistent url displays web server using Apache2.2.2 version, thus hiding our real web server version That nginx-1.2.0 version, to protect the security of web servers.
     
         
         
         
  More:      
 
- Oracle TDE transparent data encryption (Database)
- To create and manage virtual machines on Ubuntu Redhat (Linux)
- Nginx + ownCloud + PHP + MySQL to build personal private cloud under CentOS7 (Server)
- How to modify the Emacs Major Mode Shortcuts (Linux)
- 10 practical Java programming technology (Programming)
- Python Basics Tutorial - lambda keyword (Programming)
- CentOS7 build GlusterFS (Linux)
- Kickstart automated installation and deployment RHEL 7.0 (Linux)
- Customize the output format in Linux history (Linux)
- git checkout generated in the use of temporary br (Linux)
- swap space is insufficient cause OOM kill MySQL Case (Database)
- ORA-38856: Unable instance UNNAMED_INSTANCE_2 (redo thread 2) marked enabled (Database)
- To install OwnCloud 7.0.4 under Ubuntu (Linux)
- MySQL database under Linux to achieve automatic backup scheduled backup day (Database)
- Oracle background processes daemons (Database)
- Internet proxy workaround can not be used under Linux YUM (Linux)
- HashMap in Android and Java different implementations (Programming)
- Create a DLL using MinGW and Attention (Programming)
- Use mod_wsgi Django application deployment (Server)
- MySQL monitoring tools -orzdba (Database)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.