Newbie questions about nginx (moving from apache)
Thomas Love
tomlove at gmail.com
Sat May 28 17:21:49 MSD 2011
On 27 May 2011 18:59, pk899 <nginx-forum at nginx.us> wrote:
> thanks. i have reading about nginx a lot on the internet. and it seems
> to me that many features of mod_security are available inside nginx.
>
> i like this post:
> http://eng.eelcowesemann.nl/linux-unix/nginx/nginx-blocking/
>
> my questions.
> 1. how should i block remote_addr based on IP in a certain external
> file?
>
It's in your link: include /etc/nginx/block.conf;
But it's not really nginx's job to secure your server from attackers. Use
iptables or similar for that.
2. to block xss or such type of injection attacks -- any best practice
> rules?
>
These are application-level problems (HTML, JS, SQL etc.) and are not
specific to your server software.
> 3. can i block based on "request_uri"? if some hosts are in it
> (parameter) then block it.
>
http://eng.eelcowesemann.nl/linux-unix/nginx/nginx-blocking/
Use $request_uri instead of $http_referer
> 4. can i block based on RBL checks? from spamhaus etc.
Not that I know of, and if you are deploying nginx for speed then this is
the last job you want to give it. Block proxies/spammers at the application
level where posting actually happens (e.g. in postcommentform.php), not for
every HTTP request you receive.
>
thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110528/84ba52b1/attachment.html>
More information about the nginx
mailing list