Posts

Showing posts from June, 2023

harden 3rd process

Step 1. Disable Any Unwanted nginx Modules

When you install nginx, it automatically includes many modules. Currently, you cannot choose modules at runtime. To disable certain modules, you need to recompile nginx. We recommend that you disable any modules that are not required as this will minimize the risk of potential attacks by limiting allowed operations.

To do this, use the configure option during installation. In the example below, we disable the autoindex module, which generates automatic directory listings, and then recompile nginx.

    # ./configure --without-http_autoindex_module
    # make
    # make install

Step 2. Disable nginx server_tokens

By default, the server_tokens directive in nginx displays the nginx version number. It is directly visible in all automatically generated error pages but also present in all HTTP responses in the Server header. This could lead to information disclosure – an unauthorized user could gain ...

harden another process

Nginx Testing Environment

We will use the following environment in this guide:

Debian GNU/Linux 8.1 (jessie).
IP address: 192.168.0.25 (helptechnews.com) and 192.168.0.26 (helptechnews.com), as described in the IP-based virtual hosts section at
Nginx version: nginx/1.6.2.

For your convenience, here is the final configuration file. With that in mind, let’s begin.

TIP #1: Keep Nginx up to date

At the time of this writing, the latest Nginx versions in the CentOS (in EPEL) and Debian repositories are 1.6.3 and 1.6.2-5, respectively. Although installing software from the repositories is easier than compiling the program from source code, this last option has two advantages: 1) it allows you to build extra modules into Nginx (such as mod_security), and 2) it will always provide a newer version than the repositories (1.9.9 as of today). The release notes are always available in the Nginx web site.

TIP #2: Remove Unnecessary Modules in ...