Newbie questions about nginx (moving from apache)

Thomas Love tomlove at gmail.com
Sat May 28 17:21:49 MSD 2011


On 27 May 2011 18:59, pk899 <nginx-forum at nginx.us> wrote:

> thanks. i have reading about nginx a lot on the internet. and it seems
> to me that many features of mod_security are available inside nginx.
>
> i like this post:
> http://eng.eelcowesemann.nl/linux-unix/nginx/nginx-blocking/
>
> my questions.
> 1. how should i block remote_addr based on IP in a certain external
> file?
>

It's in your link: include /etc/nginx/block.conf;
But it's not really nginx's job to secure your server from attackers. Use
iptables or similar for that.

2. to block xss or such type of injection attacks -- any best practice
> rules?
>

These are application-level problems (HTML, JS, SQL etc.) and are not
specific to your server software.


> 3. can i block based on "request_uri"? if some hosts are in it
> (parameter) then block it.
>

http://eng.eelcowesemann.nl/linux-unix/nginx/nginx-blocking/
Use $request_uri instead of $http_referer


> 4. can i block based on RBL checks? from spamhaus etc.


Not that I know of, and if you are deploying nginx for speed then this is
the last job you want to give it. Block proxies/spammers at the application
level where posting actually happens (e.g. in postcommentform.php), not for
every HTTP request you receive.


>

thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110528/84ba52b1/attachment.html>


More information about the nginx mailing list