千万个美丽的未来,抵不上一个温暖的现在,每一个真实的现在,都是我们曾经幻想的未来!
May
16
有时候为了伪装自己的真实服务器环境.
不想让对方知道自己的webserver真实环境,就不得不修改我们的webserer软件了!
今天看了一下baidu.com的webserver感觉像是nginx修改的.
C:\curl-7.18.0\curl.exe -I www.baidu.com
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2008 05:00:39 GMT
Server: BWS/1.0
Content-Length: 3022
Content-Type: text/html
Cache-Control: private
Expires: Tue, 11 Mar 2008 05:00:39 GMT
Set-Cookie: BAIDUID=41BB2845D3E8BC1AEE99D4CECB90C50A:FG=1; expires=Tue, 11-
8 05:00:39 GMT; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
于是自己翻了一下nginx源码了,发现竟然很容修改就可以实现.
cd /usr/local/src/nginx-0.5.35/src/core/
[root@zyatt core]# cat nginx.h
/*
* Copyright (C) Igor Sysoev
*/
#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_
#define NGINX_VERSION "1.0"
#define NGINX_VER "LPKWS/" NGINX_VERSION
#define NGINX_VAR "LPKWS"
#define NGX_OLDPID_EXT ".oldbin"
#endif /* _NGINX_H_INCLUDED_ */
测试效果
C:\curl-7.18.0\curl.exe -I 211.100.11.122/info.php (此Nginx没有做优化,配置expires,gzip等,仅为测试)
HTTP/1.1 200 OK
Server: LPKWS/1.0
Date: Tue, 11 Mar 2008 04:53:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.4
要想更彻底点,把下面这几个文件也修改了
修改src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[]="Server: nginx" CRLF;
修改src/http/ngx_http_special_response.c
static u_char ngx_http_error_tail[]="<hr><center>nginx</center>" CRLF"</body>" CRLF"</html>" CRLF;
修改Nginx的FastCGI配置文件fastcgi.conf
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
要想真正的优化和安全考虑,还是应该好好读读源代码,踏踏实实做好细节工作!
不想让对方知道自己的webserver真实环境,就不得不修改我们的webserer软件了!
今天看了一下baidu.com的webserver感觉像是nginx修改的.
C:\curl-7.18.0\curl.exe -I www.baidu.com
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2008 05:00:39 GMT
Server: BWS/1.0
Content-Length: 3022
Content-Type: text/html
Cache-Control: private
Expires: Tue, 11 Mar 2008 05:00:39 GMT
Set-Cookie: BAIDUID=41BB2845D3E8BC1AEE99D4CECB90C50A:FG=1; expires=Tue, 11-
8 05:00:39 GMT; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
于是自己翻了一下nginx源码了,发现竟然很容修改就可以实现.
cd /usr/local/src/nginx-0.5.35/src/core/
[root@zyatt core]# cat nginx.h
/*
* Copyright (C) Igor Sysoev
*/
#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_
#define NGINX_VERSION "1.0"
#define NGINX_VER "LPKWS/" NGINX_VERSION
#define NGINX_VAR "LPKWS"
#define NGX_OLDPID_EXT ".oldbin"
#endif /* _NGINX_H_INCLUDED_ */
测试效果
C:\curl-7.18.0\curl.exe -I 211.100.11.122/info.php (此Nginx没有做优化,配置expires,gzip等,仅为测试)
HTTP/1.1 200 OK
Server: LPKWS/1.0
Date: Tue, 11 Mar 2008 04:53:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.2.4
要想更彻底点,把下面这几个文件也修改了
修改src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[]="Server: nginx" CRLF;
修改src/http/ngx_http_special_response.c
static u_char ngx_http_error_tail[]="<hr><center>nginx</center>" CRLF"</body>" CRLF"</html>" CRLF;
修改Nginx的FastCGI配置文件fastcgi.conf
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
要想真正的优化和安全考虑,还是应该好好读读源代码,踏踏实实做好细节工作!