Newbie questions about nginx (moving from apache)

Thomas Love tomlove at
Sat May 28 17:21:49 MSD 2011

On 27 May 2011 18:59, pk899 <nginx-forum at> wrote:

> thanks. i have reading about nginx a lot on the internet. and it seems
> to me that many features of mod_security are available inside nginx.
> i like this post:
> my questions.
> 1. how should i block remote_addr based on IP in a certain external
> file?

It's in your link: include /etc/nginx/block.conf;
But it's not really nginx's job to secure your server from attackers. Use
iptables or similar for that.

2. to block xss or such type of injection attacks -- any best practice
> rules?

These are application-level problems (HTML, JS, SQL etc.) and are not
specific to your server software.

> 3. can i block based on "request_uri"? if some hosts are in it
> (parameter) then block it.
Use $request_uri instead of $http_referer

> 4. can i block based on RBL checks? from spamhaus etc.

Not that I know of, and if you are deploying nginx for speed then this is
the last job you want to give it. Block proxies/spammers at the application
level where posting actually happens (e.g. in postcommentform.php), not for
every HTTP request you receive.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list