aboutsummaryrefslogtreecommitdiffstats
path: root/testing/nginx-naxsi/anonymise.patch
diff options
context:
space:
mode:
authorStuart Cardall <developer@it-offshore.co.uk>2014-09-18 03:20:50 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-09-18 09:47:11 +0000
commit7596de12a5a72588a318d4768303b18635ab44b7 (patch)
treefad92b3d4e2aab3b3001b611398253dfd020ed37 /testing/nginx-naxsi/anonymise.patch
parent080e012e1cc56363171c2544a7591918c7be26ad (diff)
downloadaports-7596de12a5a72588a318d4768303b18635ab44b7.tar.bz2
aports-7596de12a5a72588a318d4768303b18635ab44b7.tar.xz
testing/nginx-naxsi: new aport
NGINX with naxsi WAF support https://github.com/nbs-system/naxsi Built with the same modules as Debian + SysGuard from Tengine. Nginx patched to anonymise server strings. With the WAF & SysGuard enabled nginx-naxsi benchmarked @ approx 600 connections / second (the same as the standard Alpine nginx pkg). With the WAF disabled 640 connections / second (as the mail modules are removed as per the naxsi author's recommendation).
Diffstat (limited to 'testing/nginx-naxsi/anonymise.patch')
-rw-r--r--testing/nginx-naxsi/anonymise.patch76
1 files changed, 76 insertions, 0 deletions
diff --git a/testing/nginx-naxsi/anonymise.patch b/testing/nginx-naxsi/anonymise.patch
new file mode 100644
index 0000000000..ebedc7fa26
--- /dev/null
+++ b/testing/nginx-naxsi/anonymise.patch
@@ -0,0 +1,76 @@
+--- nginx-1.6.1/src/http/ngx_http_header_filter_module.c
++++ nginx-1.6.1/src/http/ngx_http_header_filter_module.c
+@@ -46,8 +46,8 @@
+ };
+
+
+-static char ngx_http_server_string[] = "Server: nginx" CRLF;
+-static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
++static char ngx_http_server_string[] = "";
++static char ngx_http_server_full_string[] = "";
+
+
+ static ngx_str_t ngx_http_status_lines[] = {
+@@ -278,8 +278,8 @@
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+ if (r->headers_out.server == NULL) {
+- len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
+- sizeof(ngx_http_server_string) - 1;
++ len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 0:
++ sizeof(ngx_http_server_string) - 0;
+ }
+
+ if (r->headers_out.date == NULL) {
+--- nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
++++ nginx-1.6.1/src/http/ngx_http_spdy_filter_module.c
+@@ -175,11 +175,12 @@
+
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+- if (r->headers_out.server == NULL) {
++/* if (r->headers_out.server == NULL) {
+ len += ngx_http_spdy_nv_nsize("server");
+ len += clcf->server_tokens ? ngx_http_spdy_nv_vsize(NGINX_VER)
+ : ngx_http_spdy_nv_vsize("nginx");
+ }
++*/
+
+ if (r->headers_out.date == NULL) {
+ len += ngx_http_spdy_nv_nsize("date")
+@@ -326,7 +327,7 @@
+
+ count = 2;
+
+- if (r->headers_out.server == NULL) {
++ /* if (r->headers_out.server == NULL) {
+ last = ngx_http_spdy_nv_write_name(last, "server");
+ last = clcf->server_tokens
+ ? ngx_http_spdy_nv_write_val(last, NGINX_VER)
+@@ -334,6 +335,7 @@
+
+ count++;
+ }
++*/
+
+ if (r->headers_out.date == NULL) {
+ last = ngx_http_spdy_nv_write_name(last, "date");
+--- nginx-1.6.1/src/http/ngx_http_special_response.c
++++ nginx-1.6.1/src/http/ngx_http_special_response.c
+@@ -19,14 +19,14 @@
+
+
+ static u_char ngx_http_error_full_tail[] =
+-"<hr><center>" NGINX_VER "</center>" CRLF
++"<hr><center>127.0.0.1</center>" CRLF
+ "</body>" CRLF
+ "</html>" CRLF
+ ;
+
+
+ static u_char ngx_http_error_tail[] =
+-"<hr><center>nginx</center>" CRLF
++"<hr><center>localhost</center>" CRLF
+ "</body>" CRLF
+ "</html>" CRLF
+ ;