1、Apache
隐藏软件号:修改/include/ap_release.h文件 中AP_SERVER_BASEPRODUCT
#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Hidden"
隐藏版本号:httpd.conf文件中,添加以下配置
ServerSignature Off
ServerTokens Prod
如果是源码包的第二次编译,需要将Makefile文件删除后再重新编译,否则版本号显示的依然是前一次编译的效果。
测试
$ curl -I 127.0.0.1
。。。。。。
Server: Hidden
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
。。。。。。
2、Nginx
隐藏软件号:修改/src/core/nginx.h NGINX_VERSION NGINX_VER NGINX_VAR
#define nginx_version 1018000
#define NGINX_VERSION "hidden"
#define NGINX_VER "hidden/" NGINX_VERSION
.........
#define NGINX_VAR "HIDDEN"
#define NGX_OLDPID_EXT ".oldbin"
修改:/src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: hidden" CRLF;
修改:/src/http/ngx_http_special_response.c 对外页面报错时,它会控制是否显示敏感信息,将该文件中字符串包含"nginx"修改为"hidden"
static u_char ngx_http_error_tail[] =
"<hr><center>hidden1</center>" CRLF
测试:
$ curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: hidden
Date: Mon, 26 Oct 2020 16:03:58 GMT
.....
隐藏版本号:nginx.conf中添加如下配置
server_tokens off;
3、Tomcat
隐藏版本号:ServerInfo.properties
[root@localhost ~]# cd tomact/lib
[root@localhost lib]# jar -xf catalina.jar org/apache/catalina/util/ServerInfo.properties
server.info=Tomcat
server.number=
server.built=
重新封装jar包并删除多余文件
[root@localhost lib]# jar -uf catalina.jar org/apache/catalina/util/ServerInfo.properties
[root@localhost lib]# rm -rf org/
ina.jar org/apache/catalina/util/ServerInfo.properties
[root@localhost lib]# rm -rf org/