*Nginx存在一些版本上的漏洞,露出来的版本号就容易变成攻击者可利用的信息。所以,从安全的角度来说,隐藏版本号会相对安全些!
Nginx默认显示版本号:
[root@localhost sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.18.0 !!!!!!!
Date: Wed, 31 Mar 2021 03:10:19 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 10 Mar 2021 08:19:55 GMT
Connection: keep-alive
ETag: "6048812b-264"
Accept-Ranges: bytes
那么如何隐藏版本号呢?
- 修改nginx.conf
[root@localhost conf]# vim nginx.conf #如果你是yum安装默认在/etc/nginx/nginx.conf
http {
..........
sendfile on;
#tcp_nopush on;
server_tokens off; 加上这一行配置
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
..........
}
- 编辑php-fpm配置文件,如fastcgi.conf或fcgi.conf(这个配置文件名也可以自定义的,根据具体文件名修改):
找到:
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
改为:
fastcgi_param SERVER_SOFTWARE nginx;
- 重新加载nginx
servic nginx reload
自定义404界面
也很简单只需要如下几步
- 更改nginx配置文件
[root@localhost conf]# vim nginx.conf #如果你是yum安装默认在/etc/nginx/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
fastcgi_intercept_errors on; 开启此项 ,自定义即可,默认为注释
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
..........