Disabling Headers / Banners

 Apache, Lïñµx, ñgïñx, PHP, Uncategorized, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Jan 182012
 

 

I usually don’t disable apache, php, nginx headers because to me that is just security through obscurity.

My thoughts are this…..

  1. if someone doesn’t know what version of software you are running and they decide to hack your domain or server, they will simply throw every public exploit at it that exists for said product or even simply “fingerprint” it for the correct version
  2. It makes my life easier because I can also query for those headers if for some reason I don’t remember the version of software (which saves me from logging in to the server or using other methods that might take longer – efficiency is key!)
  3. skiddies are going to throw everything at it anyways

On the flipside…..

Continue reading »

 Tagged with: , , , , , ,

þ姧wðrÐ þrð†ê¢†ïñg wþ-åÐmïñ wï†h ñgïñx

 ÇlðµÐ, Lïñµx, ñgïñx, Rê§êår¢h, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Sep 122011
 

This is just a quick note on how to password protect wp-admin using nginx.

You may have to fiddle with the location of the lines in the site.conf file.

Where I thought the config variables needed to go, gave me a “download file” of type bin in nginx after authentication.

So, here is how I did it:

server {
   listen 80;
   server_name domain.com www.domain.com;
   access_log /logs/domain.com-access.log;
   error_log /logs/domain.com-error.log;
   root /var/www/sites/domain.com/htdocs;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
	   }
include /usr/nginx/conf/staticfiles.conf;
include /usr/nginx/conf/php.conf;
include /usr/nginx/conf/drop.conf;
 
        # password protect wp-admin
                location ~ ^/wp-admin {
                auth_basic “Restricted”;
                auth_basic_user_file /path/to/htpasswd/file;
                try_files $uri $uri/ /index.php?q=$request_uri;
                }
}

 Tagged with: , , , ,
© ÈÐ Wïgê† Ðð† ñåmê Suffusion theme by Sayontan Sinha