Nginx – Page 5 – WindowsTechs.com

Which is more secure and better practice? Setting up a reverse proxy on backend with localhost or on a separate VM and route to other VMs/services?

Posted on May 11, 2022 by CapacityVirus

I wanna know if it’s better in terms of security, availability and best practice to set up a nginx reverse proxy on my backend and use it with localhost or to set up a VM that handles everything for me.
I assume that using a separate VM wi… Continue reading Which is more secure and better practice? Setting up a reverse proxy on backend with localhost or on a separate VM and route to other VMs/services?→

Very slow SOAP POST request processing with ModSecure for certain rules (SQL, IIS and system exploits)

Posted on May 10, 2022 by Elvinas

While trying to implement NGinx WAF with ModSecurity 3.0.6 I am facing the issue with very poor XML SOAP POST performance. Rrequests takes ~5 seconds with occasional spikes up to 10 seconds.
If I disable the following set of ModSecurity Co… Continue reading Very slow SOAP POST request processing with ModSecure for certain rules (SQL, IIS and system exploits)→

How to stop/reduce constant DNS Spoof/Poisoning Attack from NGINX server if DNSSEC is not offered from provider?

Posted on May 7, 2022 by user0102932

Currently my domain is sitting without DNSSEC security because my domain provider didnt support it for my ccTLD domain, the feature will only be available once i renew my domain in about 2 months time.
As you can maybe guess, i am a vitcim… Continue reading How to stop/reduce constant DNS Spoof/Poisoning Attack from NGINX server if DNSSEC is not offered from provider?→

This Week in Security: OpenSSH, Git, and Sort-of NGINX 0-day

Posted on April 15, 2022 by Jonathan Bennett

OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, …read more Continue reading This Week in Security: OpenSSH, Git, and Sort-of NGINX 0-day→

Restrict HTTPS endpoint access

Posted on April 11, 2022 by transient_loop

So far I have been using keepassxc as my password manager. I am syncing passwords from different devices. Delays have been substantial as have been syncing issues. The file was stored behind a nextcloud frontend.
That’s why I was wanting t… Continue reading Restrict HTTPS endpoint access→

Can anyone help finding what’s shady things are logged on my nginx webserver? [duplicate]

Posted on April 8, 2022 by ashdcodes

I have a hosted a simple react website(testing) with nginx webserver and cloudflare as ssl provider.My website is down from few days with cloudflare error 525 "SSL handshake failed".I was pretty sure my SSL keys are not expired,s… Continue reading Can anyone help finding what’s shady things are logged on my nginx webserver? [duplicate]→

Ruby on Rails: Request to http://\localhost/admin/config.php

Posted on April 5, 2022 by Railsana

I got an exception notification for a request from 92.118.39.180:61001 to: http://\localhost/admin/config.php
This is the notification:
——————————-
Request:
——————————-

* URL : http://\local… Continue reading Ruby on Rails: Request to http://\localhost/admin/config.php→

How might I rate-limit in nginx against a distributed attacker that has set the number of parallel connections in xerxes to 1?

Posted on March 5, 2022 by John Smith

An attacker tweaks xerxes by setting the number of CONNECTIONS in xerxes to 1 instead of 8, like so:
#define CONNECTIONS 1

They then attack with xerxes-executable mydomain 433.
Their strategy is to use eight time less connections from eac… Continue reading How might I rate-limit in nginx against a distributed attacker that has set the number of parallel connections in xerxes to 1?→

How to hide restricted nginx subdomains?

Posted on February 22, 2022 by Polizi8

To hide a restricted location, e.g.
location /secret/ {
allow 10.0.0.0/24;
deny all;
}

one could set
error_page 403 =404 /404.html;
error_page 404 /404.html;

to make impossible to distinguish a non-existing location (404) from a restri… Continue reading How to hide restricted nginx subdomains?→

TLS session tickets between proxy and upstreams

Posted on February 8, 2022 by CrazyRabbit

I’m planning to implement (nginx) ssl_session_tickets in addition to ssl_session_cache between a proxy and upstream. They’re not located in the same DC so TLS must be in place.
My questions are : 1) as handshakes will only be made between … Continue reading TLS session tickets between proxy and upstreams→