author | Stuart Cardall <developer@it-offshore.co.uk> | 2014-09-18 03:20:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-18 09:47:11 +0000 |
commit | 7596de12a5a72588a318d4768303b18635ab44b7 (patch) | |
tree | fad92b3d4e2aab3b3001b611398253dfd020ed37 /testing/nginx-naxsi/anonymise.patch | |
parent | 080e012e1cc56363171c2544a7591918c7be26ad (diff) | |
testing/nginx-naxsi: new aport
NGINX with naxsi WAF support https://github.com/nbs-system/naxsi
Built with the same modules as Debian + SysGuard from Tengine.
Nginx patched to anonymise server strings.
With the WAF & SysGuard enabled nginx-naxsi benchmarked @ approx
600 connections / second (the same as the standard Alpine nginx pkg).
With the WAF disabled 640 connections / second (as the mail modules
are removed as per the naxsi author's recommendation).
Diffstat (limited to 'testing/nginx-naxsi/anonymise.patch')
-rw-r--r-- | testing/nginx-naxsi/anonymise.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/testing/nginx-naxsi/anonymise.patch b/testing/nginx-naxsi/anonymise.patch
new file mode 100644
index 0000000000..ebedc7fa26
--- /dev/null
+++ b/testing/nginx-naxsi/anonymise.patch
@@ -0,0 +1,76 @@
+--- nginx-1.6.1/src/http/ngx_http_header_filter_module.c
++++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c
+@@ -46,8 +46,8 @@
+ };
+
+
+-static char ngx_http_server_string[] = "Server: nginx" CRLF;
+-static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
++static char ngx_http_server_string[] = "";
++static char ngx_http_server_full_string[] = "";
+
+
+ static ngx_str_t ngx_http_status_lines[] = {
+@@ -278,8 +278,8 @@
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+ if (r->headers_out.server == NULL) {
+- len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
+- sizeof(ngx_http_server_string) - 1;
++ len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 0:
++ sizeof(ngx_http_server_string) - 0;
+ }
+
+ if (r->headers_out.date == NULL) {
+--- nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
++++ nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
+@@ -175,11 +175,12 @@
+
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+- if (r->headers_out.server == NULL) {
++/* if (r->headers_out.server == NULL) {
+ len += ngx_http_spdy_nv_nsize("server");
+ len += clcf->server_tokens ? ngx_http_spdy_nv_vsize(NGINX_VER)
+ : ngx_http_spdy_nv_vsize("nginx");
+ }
++*/
+
+ if (r->headers_out.date == NULL) {
+ len += ngx_http_spdy_nv_nsize("date")
+@@ -326,7 +327,7 @@
+
+ count = 2;
+
+- if (r->headers_out.server == NULL) {
++ /* if (r->headers_out.server == NULL) {
+ last = ngx_http_spdy_nv_write_name(last, "server");
+ last = clcf->server_tokens
+ ? ngx_http_spdy_nv_write_val(last, NGINX_VER)
+@@ -334,6 +335,7 @@
+
+ count++;
+ }
++*/
+
+ if (r->headers_out.date == NULL) {
+ last = ngx_http_spdy_nv_write_name(last, "date");
+--- nginx-1.6.1/src/http/ngx_http_special_response.c
++++ nginx-1.6.1/src/http/ngx_http_special_response.c
+@@ -19,14 +19,14 @@
+
+
+ static u_char ngx_http_error_full_tail[] =
+-"<hr><center>" NGINX_VER "</center>" CRLF
++"<hr><center>127.0.0.1</center>" CRLF
+ "</body>" CRLF
+ "</html>" CRLF
+ ;
+
+
+ static u_char ngx_http_error_tail[] =
+-"<hr><center>nginx</center>" CRLF
++"<hr><center>localhost</center>" CRLF
+ "</body>" CRLF
+ "</html>" CRLF
+ ;
|
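Review bot: In the second ngx_http_header_filter_module.c hunk, changing `- 1` to `- 0` makes the length estimate count the NUL terminator of the now-empty strings, so `len` grows by one byte for a header that is no longer written. With both strings set to `""`, the original `sizeof(...) - 1` already evaluates to 0, so those two lines can stay as upstream has them; the code that copies the string lies outside this patch, and if it still uses `- 1` the estimate and the write now disagree. Both `server_tokens` branches are identical after the change, so the directive silently has no effect on the header or the error pages, which deserves a comment above the two strings such as `/* Server header suppressed; server_tokens has no effect */`. The `r->headers_out.server == NULL` guards cover only nginx's own default value, so a Server header set elsewhere (presumably one passed through from a proxied upstream) would still be sent and has to be handled in configuration.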