Nginx 中的硬编码标头大小限制/超时值 [英] Hardcode header size limit / timeout values in Nginx

问题描述

我们如何在 nginx 源代码中硬编码标头大小限制和超时值?.因为我要将我的服务器提供给客户，所以他不想看到我的配置调整.

How do we hardcode the header size limits and timeout values in nginx source code ?. As I'm going to give my server to clients , so he don't want to see my configuration tweaks.

推荐答案

也许重新思考您要隐藏的内容和原因——以及您希望客户如何与您提供的配置进行交互.标头缓冲区大小和超时不是过于敏感的信息；来自网络的精心设计的 HTTP 请求可以很容易地确定两者.

Perhaps rethink what you're trying to hide and why -- and how you expect your client to interact with the configuration you're providing. Header buffer sizes and timeouts aren't overly sensitive information; a well crafted HTTP request from the web could determine both fairly easily.

如果目的是防止您的客户端看到您的配置，请考虑简单地根据文件访问权限限制访问或在 Nginx 中使用 include 指令将您的代码移到他们将访问的文件之外直接.

If the aim is to prevent your client seeing your configuration, consider simply restricting access based on file access rights or use include directives within Nginx to move your code outside of files that they'll be accessing directly.

请注意，为了将这些选项实际硬编码到 Nginx 中，您需要修改 Nginx 源代码，从client_header_buffer_size 和 large_client_header_buffers 的默认配置等方面开始代码>(请参阅在 ngx_http_core_module.c 然后在其他地方添加额外的代码来防止这些设置被更改.这同样适用于超时值.简而言之，这是对 Nginx 的一次重要重写，并且可能被解决的问题要少得多密集.

For note, in order to actually hardcode these options into Nginx, you'd need to modify the Nginx source code, starting with aspects like the default configuration for client_header_buffer_size and large_client_header_buffers (see the lines of code where the defaults are defined in ngx_http_core_module.c and then adding additional code elsewhere that prevents these settings from being changed. The same applies for the timeout values. In short, this is a non-trivial rewrite to Nginx and likely be solved by something far less intensive.

这篇关于Nginx 中的硬编码标头大小限制/超时值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！