Browse Source

Add remove server header, Update README.md

master
Hakase 9 months ago
parent
commit
d350e6c944
2 changed files with 168 additions and 0 deletions
  1. 8
    0
      README.md
  2. 160
    0
      remove_nginx_server_header.patch

+ 8
- 0
README.md View File

@@ -47,6 +47,14 @@ Example of setting TLS 1.3 cipher in nginx (pre7 or higher):
47 47
 | Fullname Cipher | TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 |
48 48
 | TLS 1.3 + 1.2 ciphers | TLS13+AESGCM+AES128:EECDH+AES128 |
49 49
 
50
+## Not OpenSSL patch files
51
+
52
+| Patch file name | Patch list |
53
+| :--- | :--- |
54
+| nginx_hpack_push.patch | _Patch both_ the HPACK patch and the **PUSH ERROR**. |
55
+| nginx_hpack_push_fix.patch | _Patch only_ the **PUSH ERROR** of the hpack patch. (If the HPACK patch has already been completed) |
56
+| remove_nginx_server_header.patch | Remove nginx server header. (http2, http1.1) |
57
+
50 58
 ## nginx Configuration
51 59
 
52 60
 ### HPACK Patch

+ 160
- 0
remove_nginx_server_header.patch View File

@@ -0,0 +1,160 @@
1
+diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c
2
+index 9b894059..1a07dace 100644
3
+--- a/src/http/ngx_http_header_filter_module.c
4
++++ b/src/http/ngx_http_header_filter_module.c
5
+@@ -46,11 +46,6 @@ ngx_module_t  ngx_http_header_filter_module = {
6
+ };
7
+ 
8
+ 
9
+-static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
10
+-static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
11
+-static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
12
+-
13
+-
14
+ static ngx_str_t ngx_http_status_lines[] = {
15
+ 
16
+     ngx_string("200 OK"),
17
+@@ -279,18 +274,6 @@ ngx_http_header_filter(ngx_http_request_t *r)
18
+ 
19
+     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
20
+ 
21
+-    if (r->headers_out.server == NULL) {
22
+-        if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
23
+-            len += sizeof(ngx_http_server_full_string) - 1;
24
+-
25
+-        } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
26
+-            len += sizeof(ngx_http_server_build_string) - 1;
27
+-
28
+-        } else {
29
+-            len += sizeof(ngx_http_server_string) - 1;
30
+-        }
31
+-    }
32
+-
33
+     if (r->headers_out.date == NULL) {
34
+         len += sizeof("Date: Mon, 28 Sep 1970 06:00:00 GMT" CRLF) - 1;
35
+     }
36
+@@ -448,23 +431,6 @@ ngx_http_header_filter(ngx_http_request_t *r)
37
+     }
38
+     *b->last++ = CR; *b->last++ = LF;
39
+ 
40
+-    if (r->headers_out.server == NULL) {
41
+-        if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
42
+-            p = ngx_http_server_full_string;
43
+-            len = sizeof(ngx_http_server_full_string) - 1;
44
+-
45
+-        } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
46
+-            p = ngx_http_server_build_string;
47
+-            len = sizeof(ngx_http_server_build_string) - 1;
48
+-
49
+-        } else {
50
+-            p = ngx_http_server_string;
51
+-            len = sizeof(ngx_http_server_string) - 1;
52
+-        }
53
+-
54
+-        b->last = ngx_cpymem(b->last, p, len);
55
+-    }
56
+-
57
+     if (r->headers_out.date == NULL) {
58
+         b->last = ngx_cpymem(b->last, "Date: ", sizeof("Date: ") - 1);
59
+         b->last = ngx_cpymem(b->last, ngx_cached_http_time.data,
60
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
61
+index 2c1ff174..34f3b5c5 100644
62
+--- a/src/http/ngx_http_special_response.c
63
++++ b/src/http/ngx_http_special_response.c
64
+@@ -19,21 +19,18 @@ static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r);
65
+ 
66
+ 
67
+ static u_char ngx_http_error_full_tail[] =
68
+-"<hr><center>" NGINX_VER "</center>" CRLF
69
+ "</body>" CRLF
70
+ "</html>" CRLF
71
+ ;
72
+ 
73
+ 
74
+ static u_char ngx_http_error_build_tail[] =
75
+-"<hr><center>" NGINX_VER_BUILD "</center>" CRLF
76
+ "</body>" CRLF
77
+ "</html>" CRLF
78
+ ;
79
+ 
80
+ 
81
+ static u_char ngx_http_error_tail[] =
82
+-"<hr><center>nginx</center>" CRLF
83
+ "</body>" CRLF
84
+ "</html>" CRLF
85
+ ;
86
+diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
87
+index 853faefd..71480853 100644
88
+--- a/src/http/v2/ngx_http_v2_filter_module.c
89
++++ b/src/http/v2/ngx_http_v2_filter_module.c
90
+@@ -148,19 +148,11 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
91
+     ngx_http_core_srv_conf_t  *cscf;
92
+     u_char                     addr[NGX_SOCKADDR_STRLEN];
93
+ 
94
+-    static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7";
95
+ #if (NGX_HTTP_GZIP)
96
+     static const u_char accept_encoding[12] =
97
+         "\x8b\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f";
98
+ #endif
99
+ 
100
+-    static size_t nginx_ver_len = ngx_http_v2_literal_size(NGINX_VER);
101
+-    static u_char nginx_ver[ngx_http_v2_literal_size(NGINX_VER)];
102
+-
103
+-    static size_t nginx_ver_build_len =
104
+-                                  ngx_http_v2_literal_size(NGINX_VER_BUILD);
105
+-    static u_char nginx_ver_build[ngx_http_v2_literal_size(NGINX_VER_BUILD)];
106
+-
107
+     stream = r->stream;
108
+ 
109
+     if (!stream) {
110
+@@ -259,19 +251,6 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
111
+ 
112
+     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
113
+ 
114
+-    if (r->headers_out.server == NULL) {
115
+-
116
+-        if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
117
+-            len += 1 + nginx_ver_len;
118
+-
119
+-        } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
120
+-            len += 1 + nginx_ver_build_len;
121
+-
122
+-        } else {
123
+-            len += 1 + sizeof(nginx);
124
+-        }
125
+-    }
126
+-
127
+     if (r->headers_out.date == NULL) {
128
+         len += 1 + ngx_http_v2_literal_size("Wed, 31 Dec 1986 18:00:00 GMT");
129
+     }
130
+@@ -480,30 +459,6 @@ ngx_http_v2_header_filter(ngx_http_request_t *r)
131
+                            "http2 output header: \"server: nginx\"");
132
+         }
133
+ 
134
+-        *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX);
135
+-
136
+-        if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) {
137
+-            if (nginx_ver[0] == '\0') {
138
+-                p = ngx_http_v2_write_value(nginx_ver, (u_char *) NGINX_VER,
139
+-                                            sizeof(NGINX_VER) - 1, tmp);
140
+-                nginx_ver_len = p - nginx_ver;
141
+-            }
142
+-
143
+-            pos = ngx_cpymem(pos, nginx_ver, nginx_ver_len);
144
+-
145
+-        } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) {
146
+-            if (nginx_ver_build[0] == '\0') {
147
+-                p = ngx_http_v2_write_value(nginx_ver_build,
148
+-                                            (u_char *) NGINX_VER_BUILD,
149
+-                                            sizeof(NGINX_VER_BUILD) - 1, tmp);
150
+-                nginx_ver_build_len = p - nginx_ver_build;
151
+-            }
152
+-
153
+-            pos = ngx_cpymem(pos, nginx_ver_build, nginx_ver_build_len);
154
+-
155
+-        } else {
156
+-            pos = ngx_cpymem(pos, nginx, sizeof(nginx));
157
+-        }
158
+     }
159
+ 
160
+     if (r->headers_out.date == NULL) {

Loading…
Cancel
Save