在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
转自:查看nginx | apache | php | tengine | tomcat版本的信息以及如何隐藏版本信息 - 追马 - 51CTO技术博客 昨天配置nginx的时候说道隐藏版本信息的问题,今天就罗列一下要操作的信息列表
详细操作步骤1.1、nginx版本信息查询[root@zhuima_nginx ~]# nginx -vnginx version: nginx/1.6.0 1.2、nginx编译配置参数查询[root@zhuima_nginx ~]# nginx -V nginx version: nginx/1.6.0 built by gcc 4.4.7 20120313 (Red Hat4.4.7-4) (GCC) TLS SNI support enabledconfigure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 1.3、客户端查看nginx的Response Header信息[root@zhuima_client ~]# curl -I HTTP/1.1 200 OKServer: nginx/1.6.0 Date: S at, 19 Jul 2014 02:18:54 GMTContent-Type: text/html Content-Length: 16412 Last-Modified: Mon, 07 Jul 2014 05:25:22 G MT Connection: keep-alive Vary: Accept-Encoding ETag: "53ba2f42-401c" Accept-Ranges: bytes
1.4、如何隐藏nginx的Response Header中返回的版本号信息
[root@zhuima_nginx ~]# [root@zhuima_nginx ~]# sed -n '/server_tokens/p' /usr/local/nginx/conf/nginx.conf server_tokens off; # 在nginx全局配置文件中添加这行即可 [root@zhuima_nginx ~]#
重启nginx服务然后客户端验证效果 [root@zhuima_client ~]# curl -I http://218.244.xxx.xxx HTTP/1.1 200 OK Server: nginx Date: Sat, 19 Jul 2014 02:33:11 GMT Content-Type: text/html Content-Length: 16412 Last-Modified: Mon, 07 Jul 2014 05:25:22 GMT Connection: keep-alive Vary: Accept-Encoding ETag: "53ba2f42-401c" Accept-Ranges: bytes
2、Apache版本信息查询及隐藏2.1、apache版本信息查询
[root@zhuima_httpd ~]# apachectl -v Server version: Apache/2.2.15 (Unix) Server built: Apr 3 2014 23:56:16 [root@zhuima_httpd ~]#
apache编译参数查询 [root@zhuima_httpd ~]# apachectl -V Server version: Apache/2.2.15 (Unix) Server built: Apr 3 2014 23:56:16 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" [root@zhuima_httpd ~]#
2.2、apache版本信息隐藏
[root@zhuima_client ~]# curl -I http://192.168.xxx.xxx HTTP/1.1 403 Forbidden Date: Sat, 19 Jul 2014 02:41:02 GMT Server: Apache/2.2.15 (CentOS) Accept-Ranges: bytes Content-Length: 5039 Connection: close Content-Type: text/html; charset=UTF-8
#ServerTokens OS # 注释掉改行
Servertokens off # 添加这行屏蔽apache版本信息
ServerSignature Off # 添加这行屏蔽系统信息
重启httpd服务之后客户端再次验证 [root@zhuima_client ~]# curl -I http://192.168.xxx.xxx HTTP/1.1 403 Forbidden Date: Sat, 19 Jul 2014 02:47:21 GMT Server: Apache Accept-Ranges: bytes Content-Length: 5039 Connection: close Content-Type: text/html; charset=UTF-8
3、略
4、tengine版本信息查询及隐藏4.1、tengine版本信息查询这里为什么要把tengine单独拿出来说事呢,初装tengine的童鞋肯定会有点迷茫,为毛tengine会显示出那么多的系统版本信息,除此之外其他操作和nginx一样,这里仅说下nginx版本的隐藏相关显示的信息有: 4.2、tengine版本信息隐藏
server_tag off;
server_info off;
server_tokens off;
5、tomcat版本信息查询及隐藏5.1、tomcat版本信息查询
[root@zhuima_tomcat ~]$ catalina.sh version ............................... Server version: Apache Tomcat/7.0.42 Server built: Jul 2 2013 08:57:41 Server number: 7.0.42.0 OS Name: Linux OS Version: 2.6.32-431.el6.x86_64 Architecture: amd64 JVM Version: 1.7.0_09-b05 JVM Vendor: Oracle Corporation
客户端验证tomcat版本信息
5.2、tomcat版本信息隐藏
总结:
|
2022-08-30
2022-08-17
2022-11-06
2022-08-14
2022-08-18
请发表评论