Harden nginx from malicious scanners

I wanted to go over a lesser known technique to help shield your site from some types of malicious internet scanners. I've heard estimates that malicious scanners take only about 15 minutes to discover a newly exposed server and start probing it for weaknesses.

Most example nginx configs start out like this:

This way, anyone who hits your server without knowing which hostname it serves gets nothing but a 404. That is better than a 401 or 403: those confirm that something protected is there and that access is being denied, whereas a 404 says only that what they asked for does not exist. The same catch-all server can also terminate TLS with a self-signed certificate whose subject CN is nothing but "blackhole", so the handshake leaks no real hostname and gives a scanner much less to work with.

This same technique can be used for location blocks as well.

So if you have whitelisted paths and routes in your nginx config, anything that doesn't match a known path also returns a 404 instead of hammering your backend with bogus requests. Note that even without an explicit default location / block, nginx still has to put the request somewhere: it picks the longest matching prefix location (or the first matching regex), and a request that matches none of them falls through to the server-level directives, which may well serve files from the server's root. Remember too that a prefix location such as location /api matches every URI beginning with that string, including /api_old, so use a trailing slash or an exact (=) match when you mean one specific path. Therefore it's always best to declare a default location / block so that the fall-through behaviour is explicit.
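The following config puts both ideas together: a default_server that answers every unknown hostname with a bare 404 behind a "blackhole" certificate, and a real site whose allow-listed locations are closed off by an explicit location / fallback. It is an added example written for this page, not the original post's own config; the hostname example.com, the backend on 127.0.0.1:8080, the /api/ and /static/ paths and the certificate file locations are all placeholders. It is meant to live inside the http context, for instance as a file in /etc/nginx/conf.d/.

```nginx
# Added example, not the original post's config. All hostnames, paths,
# ports and certificate locations below are placeholders.

# Catch-all server: any request whose Host header (plain HTTP) or SNI
# name (TLS) matches no named server lands here. "_" is a deliberately
# invalid server_name, so this block only ever serves as the default.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # Self-signed certificate whose subject CN is just "blackhole", so a
    # scanner that completes the handshake learns no real hostname. A
    # matching cert can be generated with, for example:
    #   openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    #     -subj "/CN=blackhole" -keyout blackhole.key -out blackhole.crt
    ssl_certificate     /etc/nginx/ssl/blackhole.crt;
    ssl_certificate_key /etc/nginx/ssl/blackhole.key;

    access_log off;   # optional: keep scanner noise out of the site logs

    # Neither confirm nor deny anything: the resource simply isn't here.
    return 404;
    # Alternative: "return 444;" is nginx-specific and closes the
    # connection without sending a response at all.
}

# The real site: only reachable when the client sends the right name.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Allow-listed paths. "=" is an exact match for the front page; the
    # trailing slashes keep /api/ from also matching e.g. /api_old.
    location = /        { proxy_pass http://127.0.0.1:8080; }
    location /api/      { proxy_pass http://127.0.0.1:8080; }
    location /static/   { root /var/www/example.com; }

    # Explicit fall-through. Without this, a request matching none of the
    # locations above is handled by the server-level directives instead
    # of being rejected, and never reaches this 404.
    location / { return 404; }
}
```

Two caveats a practitioner should keep in mind. First, this only hides the hostname from scanners that sweep IP ranges; anyone who already knows the name, whether from DNS or from Certificate Transparency logs (which publish every certificate a public CA issues for your domain), is unaffected. Second, nginx 1.19.4 and later also offer ssl_reject_handshake on; in the default server, which refuses the TLS handshake outright for unknown names so that no certificate is presented at all; that leaks even less, at the cost of the client seeing a TLS error rather than a clean 404.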

Using these techniques by no means prevents hackers from compromising your servers, but it's another layer to add to a robust security program. It also has the added benefit of lowering CPU usage by shielding your backend servers from unnecessary load.
