Newbie questions about nginx (moving from apache)
tomlove at gmail.com
Sat May 28 17:21:49 MSD 2011
On 27 May 2011 18:59, pk899 <nginx-forum at nginx.us> wrote:
> thanks. i have reading about nginx a lot on the internet. and it seems
> to me that many features of mod_security are available inside nginx.
> i like this post:
> my questions.
> 1. how should i block remote_addr based on IP in a certain external
It's in your link: include /etc/nginx/block.conf;
But it's not really nginx's job to secure your server from attackers. Use
iptables or similar for that.
2. to block xss or such type of injection attacks -- any best practice
These are application-level problems (HTML, JS, SQL etc.) and are not
specific to your server software.
> 3. can i block based on "request_uri"? if some hosts are in it
> (parameter) then block it.
Use $request_uri instead of $http_referer
> 4. can i block based on RBL checks? from spamhaus etc.
Not that I know of, and if you are deploying nginx for speed then this is
the last job you want to give it. Block proxies/spammers at the application
level where posting actually happens (e.g. in postcommentform.php), not for
every HTTP request you receive.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx