mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-10-24 05:51:44 +02:00
NGINX with naxsi WAF support https://github.com/nbs-system/naxsi Built with the same modules as Debian + SysGuard from Tengine. Nginx patched to anonymise server strings. With the WAF & SysGuard enabled nginx-naxsi benchmarked @ approx 600 connections / second (the same as the standard Alpine nginx pkg). With the WAF disabled 640 connections / second (as the mail modules are removed as per the naxsi author's recommendation).
77 lines
2.3 KiB
Diff
77 lines
2.3 KiB
Diff
--- nginx-1.6.1/src/http/ngx_http_header_filter_module.c
|
|
+++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c
|
|
@@ -46,8 +46,8 @@
|
|
};
|
|
|
|
|
|
-static char ngx_http_server_string[] = "Server: nginx" CRLF;
|
|
-static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
|
|
+static char ngx_http_server_string[] = "";
|
|
+static char ngx_http_server_full_string[] = "";
|
|
|
|
|
|
static ngx_str_t ngx_http_status_lines[] = {
|
|
@@ -278,8 +278,8 @@
|
|
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
|
|
|
|
if (r->headers_out.server == NULL) {
|
|
- len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
|
|
- sizeof(ngx_http_server_string) - 1;
|
|
+ len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 0:
|
|
+ sizeof(ngx_http_server_string) - 0;
|
|
}
|
|
|
|
if (r->headers_out.date == NULL) {
|
|
--- nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
|
|
+++ nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
|
|
@@ -175,11 +175,12 @@
|
|
|
|
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
|
|
|
|
- if (r->headers_out.server == NULL) {
|
|
+/* if (r->headers_out.server == NULL) {
|
|
len += ngx_http_spdy_nv_nsize("server");
|
|
len += clcf->server_tokens ? ngx_http_spdy_nv_vsize(NGINX_VER)
|
|
: ngx_http_spdy_nv_vsize("nginx");
|
|
}
|
|
+*/
|
|
|
|
if (r->headers_out.date == NULL) {
|
|
len += ngx_http_spdy_nv_nsize("date")
|
|
@@ -326,7 +327,7 @@
|
|
|
|
count = 2;
|
|
|
|
- if (r->headers_out.server == NULL) {
|
|
+ /* if (r->headers_out.server == NULL) {
|
|
last = ngx_http_spdy_nv_write_name(last, "server");
|
|
last = clcf->server_tokens
|
|
? ngx_http_spdy_nv_write_val(last, NGINX_VER)
|
|
@@ -334,6 +335,7 @@
|
|
|
|
count++;
|
|
}
|
|
+*/
|
|
|
|
if (r->headers_out.date == NULL) {
|
|
last = ngx_http_spdy_nv_write_name(last, "date");
|
|
--- nginx-1.6.1/src/http/ngx_http_special_response.c
|
|
+++ nginx-1.6.1/src/http/ngx_http_special_response.c
|
|
@@ -19,14 +19,14 @@
|
|
|
|
|
|
static u_char ngx_http_error_full_tail[] =
|
|
-"<hr><center>" NGINX_VER "</center>" CRLF
|
|
+"<hr><center>127.0.0.1</center>" CRLF
|
|
"</body>" CRLF
|
|
"</html>" CRLF
|
|
;
|
|
|
|
|
|
static u_char ngx_http_error_tail[] =
|
|
-"<hr><center>nginx</center>" CRLF
|
|
+"<hr><center>localhost</center>" CRLF
|
|
"</body>" CRLF
|
|
"</html>" CRLF
|
|
;
|