Nginx service security vulnerability repair

Enterprise 2023-06-05 08:54:40 views: null

1. Description of Security Vulnerabilities

Products that use Nginx to provide services, after being scanned by security scanning tools, three high-risk and three medium-risk security vulnerabilities are reported

2. The version of nginx is too low and comes with security holes

After upgrading the nginx version to 1.21.1, the three high-risk vulnerabilities disappeared.

3. HTTP header disclosure

  • Download the source code:

http://nginx.org/en/download.html

  • Modify the source code:

There are three source code locations that need to be modified to modify the Server header:

nginx.h file in the src/core directory

ngx_http_header_filter_module.c file in the src/http directory

 

The ngx_http_special_response.c file in the src/http directory

 

  • Compile:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.21.1/debian/debuild-base/nginx-1.21.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
make

Encoding errors are mostly due to missing components, just install them.

  • If the compilation is successful, the nginx binary file will be generated in the objs directory, and replace /usr/sbin/nginx or put it in /usr/sbin.

final effect:

 

 

4. Error page information exposure

Error page redirection, custom 404 error page.

  

Effect:

 

5. Disable server token

Set in the nginx configuration file: server_tokens off

Guess you like

Origin blog.csdn.net/jane_xing/article/details/119564046
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com