Nginx隐藏服务器端各类信息的方法

OGeek|极客世界-中国程序员成长平台 › 门户 › 编程› 服务器相关›Nginx 入门指南

原作者: [db:作者] 来自: [db:来源] 收藏邀请

有时我们不希望有人可以通过一些工具来返回我们服务器的信息，下面我来介绍在nginx中隐藏nginx响应头,修改nginx返回头信息,隐藏php版本号,隐藏服务器信息，同学可参考。

首先隐藏nginx版本信息，只需编辑 nginx.conf 文件
添加一行

server_tokens off;

http {
  include    /etc/nginx/mime.types;
  default_type application/octet-stream;
  index index.php index.html index.htm;
  server_tokens off;
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';
 
  access_log /var/log/nginx/access.log main;
 
  sendfile    on;
  #tcp_nopush   on;
 
  keepalive_timeout 65;
 
  #gzip on;
 
  include /etc/nginx/conf.d/*.conf;
}

响应头隐藏PHP版本休息,编辑php.ini文件找到expose_php = On , 修改为 expose_php = Off

;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://www.php.net/manual/en/ini.core.php#ini.expose-php
expose_php = Off