1. Install the [headers-more-nginx-module] module to customize nginx response headers
2. Block cross-origin iframe embedding
# headers-more takes 'Name: value'; the colon separates the header name from its value
more_set_headers 'X-Frame-Options: SAMEORIGIN';
3. Hide the Server header
more_clear_headers 'server';
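4. Intercept requests made by IP address and send them to a 500 page (and rewrite the 500 page to remove the server information it contains)
Add the following at the very beginning of the http block: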
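    server {
        listen 80;
        # "ssl" added: without it nginx serves plain HTTP on 443 and does not use the ssl_* settings below
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate cert/test.crt;
        ssl_certificate_key cert/test.key;
        ssl_session_timeout 5m;
        ssl_ciphers ****-****;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require it
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        error_page 497 400 502 503 = /50x.html;
        location = /50x.html {
            return 500 /50x.html;
        }
        # status 500 with the literal text "/50x.html" as the body, in place of nginx's default error page
        return 500 /50x.html;
    }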
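When port 443 is configured, the related SSL settings must be configured as well (if port 443 is not needed, they can be left out). For a simple setup, see: https://www.cnblogs.com/zktww/p/16085763.html
5. Complete example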
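    #user nobody;
    # work around permission problems (this runs the worker processes as root)
    user root;
    worker_processes auto;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        more_clear_headers 'server';
        # headers-more takes 'Name: value'; the colon separates the header name from its value
        more_set_headers 'X-Frame-Options: SAMEORIGIN';

        sendfile on;
        proxy_pass_header Server;

        server {
            listen 80;
            # "ssl" added: without it nginx serves plain HTTP on 443 and does not use the ssl_* settings below
            listen 443 ssl default_server;
            server_name _;
            ssl_certificate cert/test.crt;
            ssl_certificate_key cert/test.key;
            ssl_session_timeout 5m;
            ssl_ciphers ****-****;
            # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require it
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            error_page 497 400 502 503 = /50x.html;
            location = /50x.html {
                return 500 /50x.html;
            }
            return 500 /50x.html;
        }

        # actual request routing
        include conf.d/test.conf;
    }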
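To confirm that steps 2 to 4 took effect, the response to a request made by IP address can be checked for the three properties this page sets up. The following is an added example, not part of the original post; the function name `audit_response` is hypothetical and both sample responses (including the version string) are constructed.

```python
from email.parser import Parser

# Constructed sample responses (not captured from a real server).
BEFORE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: nginx/1.20.1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><center><h1>404 Not Found</h1></center>"
    "<hr><center>nginx/1.20.1</center></body></html>"
)
AFTER = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: application/octet-stream\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "/50x.html"
)

def audit_response(raw, expect_status=None):
    """Return a list of findings for one raw HTTP response (empty list = pass)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_text, headersonly=True)
    findings = []
    if headers.get("Server") is not None:
        findings.append("Server header present: " + headers["Server"])
    xfo = headers.get_all("X-Frame-Options") or []
    if [v.strip().upper() for v in xfo] != ["SAMEORIGIN"]:
        findings.append("X-Frame-Options is not exactly one SAMEORIGIN: %r" % xfo)
    if "nginx" in body.lower():
        findings.append("body still names the server software")
    if expect_status is not None and status != expect_status:
        findings.append("status %d, expected %d" % (status, expect_status))
    return findings

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_response(raw, expect_status=500))
```

A missing or duplicated X-Frame-Options header is reported as a finding, so a `more_set_headers` line that never emits the header shows up here.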