Nmap Development mailing list archives

[PATCH] Change classification of nginx from http-proxy to http


From: Sven Klemm <sven () c3d2 de>
Date: Mon, 08 Sep 2008 14:51:20 +0200

Hi,

currently nginx is classified as http-proxy even though it is not really an HTTP proxy but a web server with reverse proxy capabilities similar to Apache. The attached patch changes the classification to http. I put the matchline below the Apache ones because according to Netcraft it's the third most popular web server.

See http://en.wikipedia.org/wiki/Nginx for more information.

Any objections to this change?

Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/

Index: nmap-service-probes
===================================================================
--- nmap-service-probes (revision 10026)
+++ nmap-service-probes (working copy)
@@ -3536,6 +3536,8 @@
 match http m|^HTTP/1\.[01] \d\d\d.*\r\nServer: Apache[- ]Coyote/(\d[-\d.]+)\r\n|s p|Apache Tomcat/Coyote JSP engine| 
v|$1|
 match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Apache/([\w-_.]+) Ben-SSL/([\w-_.]+) \(Unix\)\r\n|s p/Apache httpd/ 
v/$1/ i/Ben-SSL $1/ o/Unix/
 
+match http m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx web server/ v/$3/
+
 match http m|^HTTP/1\.1.*\r\nServer: Netscape-Enterprise/([-.\w]+)\r\n| p/Netscape Enterprise httpd/ v/$1/
 # Citrix NFuse 2.0 on MS IIS 5.0
 match http m|^HTTP/1\.[01].*\r\nServer: Microsoft-IIS/([-.\w]+)\r\n.*\r\nContent-Location: 
http://[^/]+/nfuse.htm\r\n.*\r\n---- NFuse ([-.\w]+) \(Build |s p/Citrix NFuse/ v/$2/ i/Microsoft IIS $1/ o/Windows/
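Review bot: The added nginx line carries over the status-code group ([1235]\d\d|4(\d[1-9]|[1-9]\d)) unchanged, with no comment explaining it. Among 4xx codes it skips only 400, and its two capture groups are the reason the version has to be read from $3. If excluding 400 still matters under the http service, a one-line comment above the match should say why. If it does not, \d\d\d as in the Apache lines just above would let the version be v/$1/. The line also matches HTTP/1\.1 only and has no s flag, while its new neighbours use HTTP/1\.[01] and |s, so it only fires when Server: is the first header after the status line. Please confirm that is intended in the new position.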
@@ -4978,7 +4980,6 @@
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ 
o/Windows/
 match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; 
charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/
-match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ 
v/$3/
 match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http 
proxy/ i/Simple, Secure Web Server $1/ d/firewall/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http 
proxy/
 match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font 
COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute 
Pro http proxy/ o/Windows/
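Review bot: Missing documentation for a user-visible change: the removed http-proxy nginx line has the same regex as the one added in the first hunk, so the only differences are the service name (http-proxy to http) and the p/ text (nginx http proxy to nginx web server). Anyone filtering scan output or selecting scripts by service name will see nginx hosts move from one category to the other, so this deserves a CHANGELOG entry alongside the patch. The @@ headers also show the line moving from around 4981 to around 3539, so it is now tried earlier than before. It is worth checking that no more specific match between those positions expects to see a Server: nginx banner first.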

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
