nginx屏蔽服务器类型信息,简单的禁止CURL 访问服务器nginx

user  nobody;

worker_processes  1;

error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

use  epoll;   #epoll是多路复用IO

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

#                  '$status $body_bytes_sent "$http_referer" '

#                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  logs/access.log;

sendfile        on;

#tcp_nopush     on;

#keepalive_timeout  0;

keepalive_timeout  65;

gzip  on;

gzip_min_length 1100;

gzip_buffers 4 8k;

gzip_types text/plain;

output_buffers 1 32k;

postpone_output 1460;

#设定请求缓冲

client_header_buffer_size 1k;

large_client_header_buffers 4 4k;

server {

listen       80;

server_name  dev.centos.com;

#charset koi8-r;

#access_log  logs/host.access.log  main;

root   /www;

index  index.php index.html index.html

charset utf8;

location / {

# First attempt to serve request as file, then

# as directory, then fall back to index.html

try_files $uri $uri/ /index.php;

# Uncomment to enable naxsi on this location

# include naxsi.rules

rewrite ^/(.*)$ /index.php/$1 last;

}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html

#

error_page   500 502 503 504  /50x.html;

location = /50x.html {

root   html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

#    proxy_pass   http://127.0.0.1;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

location ~ \.(php|php5) {

root /www;

fastcgi_pass   127.0.0.1:9000;

fastcgi_index  index.php;

fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

include        fastcgi_params;

if ( $http_user_agent ~ ^$){#禁止空user-agent

return 503;

}

if ($http_user_agent ~* "curl"){#禁止curl访问

return 404;

}

if ( $http_user_agent ~* "Mozilla/4.0\ \(compatible;\ MSIE\ 6.0;\ Windows\ NT\ 5.1;\ SV1;\ .NET\ CLR\ 2.050727;\ .NET\ CLR\ 3.0.4506.2152;\ .NET\ CLR\ 3.5.30729\)" ){

return 503;

}

}

#设定查看nginx状态地址

location /NginxStatus{

access_log on;

auth_basic  "NginxStatus";

auth_basic_user_file conf/htpasswd;

}

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /\.ht {

#    deny  all;

#}

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

#    listen       8000;

#    listen       somename:8080;

#    server_name  somename  alias  another.alias;

#    location / {

#        root   html;

#        index  index.html index.htm;

#    }

#}

# HTTPS server

#

#server {

#    listen       443;

#    server_name  localhost;

#    ssl                  on;

#    ssl_certificate      cert.pem;

#    ssl_certificate_key  cert.key;

#    ssl_session_timeout  5m;

#    ssl_protocols  SSLv2 SSLv3 TLSv1;

#    ssl_ciphers  HIGH:!aNULL:!MD5;

#    ssl_prefer_server_ciphers   on;

#    location / {

#        root   html;

#        index  index.html index.htm;

#    }

#}

include vhost/*.conf;

}