Newbie questions about nginx (moving from apache)

Thomas Love tomlove at gmail.com
Sat May 28 17:56:41 MSD 2011


On 28 May 2011 15:31, pk899 <nginx-forum at nginx.us> wrote:

> Thanks. The RBL checking in Apache (via mod security) can happen in very
> specific manner. I could specify that they check only specific arguments
> (the very precise "input" field in the html) in a very specific page
> ("postcommentform.php").
>

There is no module like this for nginx that I'm aware of but you can
probably find application-level libraries to do it. The fewer conditionals
at the HTTP server level the better.


> Similarly, sure, the application needs to be smartly coded to prevent
> against injections. But mod_security enables blocking this at a much
> earlier phase in the web transaction. And it's easy to control this a
> bit better at the hosting level.
>
> If it's important then leave it on Apache with your web application. It
will still do what it does upstream of nginx.


> Clearly, I am looking at nginx not only as a "speed option", but as a
> replacement for Apache. Several blogs online say that they have moved to
> nginx. I am trying to see how. Apache is sadly bloated but thanks to
> mod_security etc it's a very, very practical modern solution.
>

IMO its bloat is not helped by being piled with high with modules. This is
where nginx comes in, and being relatively free of modules was one of its
selling points for me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110528/03bec3e2/attachment.html>


More information about the nginx mailing list