NGINX——如何修改缺省banner

问题：

 

可通过HTTP获取远端WWW服务信息

低

本插件检测远端HTTP Server信息。这可能使得攻击者了解远程系统类型以便进行下一步的攻击[kz1] [kz2] 。

NSFOCUS建议您采取以下措施以降低威胁：   * 改变您的HTTP服务器的缺省banner。

未修复

 

 

前言

漏洞啊，漏洞啊,要先停止nginx服务

步骤

解压安装包

使用的是一件部署包,所以要单独拿出来搞下~

tar -zxvf nginx-1.16.1.tar.gz

修改文件ngx_http_header_filter_module.c

cd nginx-1.16.1/src/http/
vi ngx_http_header_filter_module.c 
# 要修改的配置
static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;

原文件:

修改为:

static u_char ngx_http_server_string[] = "Server: unknow" CRLF;
static u_char ngx_http_server_full_string[] = "Server: unknow"  CRLF;
static u_char ngx_http_server_build_string[] = "Server: unknow"  CRLF;

重新编译

cd nginx-1.16.1
# 安装nginx的目录 --prefix=/usr/local/nginx 
 ./configure --prefix=/usr/local/nginx && make && make install 

编译报错信息

#提示需要PCRE库
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.

解决方法

yum -y install pcre-devel

再次编译

#编译
./configure --prefix=/usr/local/nginx && make && make install 

#安装依赖
./configure --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=./openssl-1.0.2t --with-pcre=./pcre-8.43 --with-pcre-jit --with-ld-opt='-ljemalloc'  && make && make install

验证