dave at cheney.net
Sat Feb 21 10:10:27 MSK 2009
Both of those attack vectors relate to web applications, not web
servers. Nginx and apache do their part to make sure any data proxied
through them to the web application is well formed. However it is the
applications job, not the web servers, to make sure it behaves
correctly in the presence of untrusted data.
On 21/02/2009, at 8:01 AM, Paul Greenwood wrote:
> Is there some specific parameters that are used to lock down nginx
> for example that might prevent sql injection or css attacks. I have
> read "Apache Security" and "Preventing Apache Web Attacks" but not
> quite sure how to apply that knowledge to nginx. I would appreciate
> any suggestions.
More information about the nginx