Secure nginx

Dave Cheney dave at
Sat Feb 21 10:10:27 MSK 2009

Both of those attack vectors relate to web applications, not web  
servers. Nginx and apache do their part to make sure any data proxied  
through them to the web application is well formed. However it is the  
applications job, not the web servers, to make sure it behaves  
correctly in the presence of untrusted data.



On 21/02/2009, at 8:01 AM, Paul Greenwood wrote:

> Is there some specific parameters that are used to lock down nginx  
> for example that might prevent sql injection or css attacks.  I have  
> read "Apache Security" and "Preventing Apache Web Attacks" but not  
> quite sure how to apply that knowledge to nginx.  I would appreciate  
> any suggestions.
> Thanks

More information about the nginx mailing list