Nginx security firewall configuration to protect the website from malicious attacks

Nginx security firewall configuration to protect websites from malicious attacks

Introduction:
In today's Internet era, websites face various security threats, such as malicious attacks, intrusions, etc. In order to protect the data and user privacy of the website, we need to take a series of measures to strengthen the security of the website. Nginx is a high-performance web server that also provides rich features in terms of security. We can protect the website from malicious attacks through Nginx firewall configuration.

1. Nginx security firewall configuration

1. Installing Nginx
   First, we need to install the Nginx server. Nginx can be installed through the following command:

$ sudo apt update
$ sudo apt install nginx

2. Configure Nginx firewall
   The firewall function of Nginx is implemented through the configuration file nginx.conf. Open the nginx.conf file, find the configuration section of the http section, and add the following content:

http {
    # 允许的IP列表
    deny 192.168.0.1;
    allow 192.168.0.0/24;
    
    # 防止目录遍历攻击
    location ~ /. {
        deny all;
    }
    
    # 防止SQL注入攻击
    location ~ inj/ {
        deny all;
    }
    
    # 限制HTTP请求方法
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    
    # 禁止目录索引的访问
    location ~ ^/(.|php) {
        deny all;
    }
}

In the above configuration example, deny is used to deny specific IP addresses, and allow is used to allow specific IP address sections. . With this configuration, we can restrict access to our website to only specific IP addresses.

location ~ /. { deny all; } This configuration is used to prevent directory traversal attacks. When the access URL contains "../", 403 Forbidden is returned.

location ~ inj/ { deny all; } This configuration is used to prevent SQL injection attacks. When the URL contains "inj/", 403 Forbidden is returned.

if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; } This configuration is used to limit the HTTP request method, only GET, HEAD, and POST are allowed Three methods, other methods return 444 indicating no response.

location ~ ^/(.|php) { deny all; } This configuration is used to prohibit access to the directory index when the URL ends with "/." or ".php" At the end, 403 Forbidden is returned.

3. Restart Nginx server
   After completing the above configuration, we need to restart the Nginx server to make the configuration take effect:

$ sudo systemctl restart nginx

2. Summary
Firewall configuration through Nginx , we can effectively protect our website from malicious attacks. These configurations are only entry-level protection measures. For more complex attacks, we need to further strengthen the security of the website, such as using Web Application Firewall (WAF), HTTPS, etc. In the process of building a secure website, we need to pay close attention to the latest security threats and vulnerabilities, and promptly update and improve protective measures to improve the security of the website.

The above is an introduction to Nginx security firewall configuration. I hope it will be helpful to everyone. Through reasonable configuration and protection measures, we can ensure the security of the website and provide a better user experience.

The above is the detailed content of Nginx security firewall configuration to protect the website from malicious attacks. For more information, please follow other related articles on the PHP Chinese website!