隐藏前:
root@iZm5eabkgmsfy2phj5pr1xZ:~# curl -I www.leon0204.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3
Date: Tue, 28 Nov 2017 02:35:40 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://www.leon0204.com/
隐藏后:
root@iZm5eabkgmsfy2phj5pr1xZ:~# curl -I www.leon0204.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 28 Nov 2017 02:39:55 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.leon0204.com/
隐藏原因:Nginx某些版本有漏洞,暴露出来容易被攻击者利用,隐藏起来更安全
修改方法:
- nginx.conf中
去掉下面注释,或者添加这一行
http{
...
server_tokens off
...
}
- 如果是转发给php-fpm ,需要编辑fastcgi.conf,一般在nginx.conf 同层
找到:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
改为:
fastcgi_param SERVER_SOFTWARE nginx;