I installed the Ingress NGINX Controller on EKS.
How to prevent Wappalyzer from detecting your technology stack
Modify the ConfigMap (the global settings in the ingress-nginx ConfigMap)
#Run the following command to edit the ConfigMap:
kubectl edit configmap ingress-nginx-controller -n ingress-nginx
Then add (for example):
data:
  server-snippet: |
    # Clear common technology-disclosing headers
    more_clear_headers Server;
    more_clear_headers "X-Powered-By";
    more_clear_headers "X-Generator";
    # Replace the Server header with a generic value
    more_set_headers "Server: myserver";
Or:
data:
  server-snippet: |
    # Block specific User-Agents (e.g. automated probing tools);
    # the match is case-insensitive and this list also matches curl
    if ($http_user_agent ~* "(wappalyzer|whatruns|builtwith|nmap|curl)") {
      return 403;
    }
#Originally, curl -I https://www.mywebsite.com showed:
HTTP/2 200
date: Mon, 05 May 2025 06:37:37 GMT
content-type: text/html
content-length: 441
last-modified: Thu, 24 Apr 2024 05:08:34 GMT
etag: "6904c382-1b9"
accept-ranges: bytes
strict-transport-security: max-age=1234567; includeSubDomains
After saving, restart the ingress-nginx controller:
kubectl rollout restart deployment ingress-nginx-controller -n ingress-nginx
#Running curl -I https://www.mysite.com once more:
HTTP/2 403
date: Mon, 05 May 2025 06:58:52 GMT
content-type: text/html
content-length: 146
Now the Server version and the tools used on the back end can no longer be seen XD
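
A way to check that the header-clearing snippet took effect, as an added example that is not part of the original post: the function reads `curl -sI` output and flags the headers the first snippet clears. The sample responses and the `header-audit` User-Agent string are constructed for illustration; an explicit User-Agent is used because the second snippet answers curl's default one with 403.

```shell
#!/bin/sh
# Added example (not from the original post): audit response headers for
# the technology-disclosing fields that the server-snippet above clears.

# Reads `curl -sI` style output on stdin. Prints one line per finding and
# returns 1 if a disclosing header is present, 0 otherwise.
audit_headers() {
    tr -d '\r' | awk -F': *' '
        NR == 1 { next }                       # skip the status line
        { name = tolower($1); value = $0; sub(/^[^:]*: */, "", value) }
        name == "x-powered-by" || name == "x-generator" {
            print "LEAK " name ": " value; found = 1; next
        }
        name == "server" && value ~ /[0-9]/ {  # digits suggest a version
            print "LEAK server: " value; found = 1; next
        }
        name == "server" { print "NOTE server: " value }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample responses (illustrative values, not captured output).
SAMPLE_BEFORE='HTTP/2 200
content-type: text/html
server: nginx/1.25.3
x-powered-by: PHP/8.2.0
X-Generator: ExampleCMS 5'

SAMPLE_AFTER='HTTP/2 200
content-type: text/html
server: myserver
strict-transport-security: max-age=1234567; includeSubDomains'

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_headers || true
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_headers || true

# Against your own site (URL as used in the post, User-Agent is a placeholder):
#   curl -sI -A "header-audit" https://www.mywebsite.com | audit_headers
```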