Home > Operation and Maintenance > Nginx > Nginx security firewall configuration to protect the website from malicious attacks

Nginx security firewall configuration to protect the website from malicious attacks

WBOY
Release: 2023-07-04 09:13:39
Original
4399 people have browsed it

Nginx security firewall configuration to protect websites from malicious attacks

Introduction:
In today's Internet era, websites face various security threats, such as malicious attacks, intrusions, etc. In order to protect the data and user privacy of the website, we need to take a series of measures to strengthen the security of the website. Nginx is a high-performance web server that also provides rich features in terms of security. We can protect the website from malicious attacks through Nginx firewall configuration.

1. Nginx security firewall configuration

  1. Installing Nginx
    First, we need to install the Nginx server. Nginx can be installed through the following command:
$ sudo apt update
$ sudo apt install nginx
Copy after login
  1. Configure Nginx firewall
    The firewall function of Nginx is implemented through the configuration file nginx.conf. Open the nginx.conf file, find the configuration section of the http section, and add the following content:
http {
    # 允许的IP列表
    deny 192.168.0.1;
    allow 192.168.0.0/24;
    
    # 防止目录遍历攻击
    location ~ /. {
        deny all;
    }
    
    # 防止SQL注入攻击
    location ~ inj/ {
        deny all;
    }
    
    # 限制HTTP请求方法
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    
    # 禁止目录索引的访问
    location ~ ^/(.|php) {
        deny all;
    }
}
Copy after login

In the above configuration example, deny is used to deny specific IP addresses, and allow is used to allow specific IP address sections. . With this configuration, we can restrict access to our website to only specific IP addresses.

location ~ /. { deny all; } This configuration is used to prevent directory traversal attacks. When the access URL contains "../", 403 Forbidden is returned.

location ~ inj/ { deny all; } This configuration is used to prevent SQL injection attacks. When the URL contains "inj/", 403 Forbidden is returned.

if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; } This configuration is used to limit the HTTP request method, only GET, HEAD, and POST are allowed Three methods, other methods return 444 indicating no response.

location ~ ^/(.|php) { deny all; } This configuration is used to prohibit access to the directory index when the URL ends with "/." or ".php" At the end, 403 Forbidden is returned.

  1. Restart Nginx server
    After completing the above configuration, we need to restart the Nginx server to make the configuration take effect:
$ sudo systemctl restart nginx
Copy after login

2. Summary
Firewall configuration through Nginx , we can effectively protect our website from malicious attacks. These configurations are only entry-level protection measures. For more complex attacks, we need to further strengthen the security of the website, such as using Web Application Firewall (WAF), HTTPS, etc. In the process of building a secure website, we need to pay close attention to the latest security threats and vulnerabilities, and promptly update and improve protective measures to improve the security of the website.

The above is an introduction to Nginx security firewall configuration. I hope it will be helpful to everyone. Through reasonable configuration and protection measures, we can ensure the security of the website and provide a better user experience.

The above is the detailed content of Nginx security firewall configuration to protect the website from malicious attacks. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template