Nginx Security Hardening and Rules

c0nw0nk nginx-forum at
Mon Oct 20 13:37:51 UTC 2014

Yeah sorry about that Maxim i don't actualy use the allow ip feature i
accidently hashed out the #deny all; and this forum does not let us edit our

Other than that the following that you posted.

if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;

For nginx itself this is not needed. Something like this may be
useful if you are protecting your backends. See also limit_except
which can be used on a per-location level:

limit_except GET POST {
deny all;

Did you intentionaly miss Head ?
limit_except GET HEAD POST {
deny all;

I dont see the benefit from using one to the other they both do the same

Posted at Nginx Forum:,254125,254166#msg-254166

More information about the nginx mailing list