Nginx is one of the most popular Web servers today.
It serves 7% of the world's web traffic and is growing at an alarming rate. It's a surprising server and I'm willing to deploy it.
The following is a list of common security traps and solutions that can be assisted to ensure that your Nginx deployment is secure.
1. Use "if" carefully in the configuration file.
was released last week. Even if the file name is Hello.php.jpeg it will match ~. Php$ this regular and executes the file. There are now two good ways to solve these problems. I think it is necessary to ensure that you do not easily execute arbitrary code blending methods. 1. If the file is not found, use Try_files and only (which should be noted in all dynamic execution scenarios) to forward it to the fcgi process running PHP.
can add
Ssi off;.
5.
Disable server flag. If it is enabled (by default), all error pages will display the server version and information. Set
Server_tokens off;Add the declaration to the Nginx configuration file to solve this problem.
6.
Set custom cache in the configuration file to limit the possibility of buffer overflow attacks.
Client_body_buffer_size 1 K;
Client_header_buffer_size
Here is a list of common security traps and solutions that can be used to help ensure that your Nginx deployment is secure.
1. Use "if" carefully in the configuration file. It is part of the rewrite module and should not be used anywhere.
Copy Code code as follows:
An "if" declaration is a mandatory part of an override module evaluation directive. In other words, Nginx's configuration is
user, reducing the pressure on the backend web server and improving the response speed. Therefore, nginx also has the cache function. Workflow of reverse proxy: 1) The user sends an access request through the domain name, and the domain name is resolved to the IP address of the reverse proxy server; 2) the reverse proxy server receives the user's request; 3) the
take precedence over the local cache.One workaround is to turn on the server push only for the first access user. The following is an example of the official Nginx, based on the Cookie to determine whether the first access.
Server{Listen443 SSL HTTP2 Default_server; Ssl_certificate SSL/certificate. PEM; Ssl_certificate_key SSL/key. PEM; Root/var/www/html; Http2_push_preload on; Location = /demo. html {add_header Set-cookie "Session=
Nginx introduction:
Official Website: http://nginx.org. Based on official documents, it is more useful for reference. Therefore, some common commands are translated in the form of additional URLs.
Click "simplified Chinese" to view the nginx features.
1. Automatic Indexing: in the same way as apache, when the webserver directory does not contain the first
Category: Windows programming C + + 2012-10-27 19:56 3410 people read reviews (1) favorite reports There are four threads of 1, 2, 3, 4. The function of thread 1 is output 1, the function of thread
Nginx is a lightweight and high-performance WEB server, concurrent processing power, low resource consumption, whether it is a static server or small Web site, nginx performance is better, as a supplement to Apache and the use of more and more high-rate.Add Nginx Virtual HostThis assumes that everyone's Nginx server ha
Atitit Cache Caching Path Attilax Etti Summary
1. Purpose of using caching (using cache) 1
1.1.1. Reduce the burden on the database by achieving the target 1
1.2. Speed up the query 2
2. Common parameter expiration time of the cache (seconds
You are welcome to repost it. For more information, see the source region. 1)
Ngx_get_options: Get some running options.
-G ngx_conf_params
Run commands
Global variables after running ngx_get_options
./Nginx-C/usr/local/nginx/CONF/nginx. conf
U_char * ngx_conf_file = "/usr/local/
Here are 10 common security issues and solutions to make your nginx more secure.1. Use "if" carefully in the configuration file. It is part of the rewrite module and should not be used anywhere. An "if" declaration is a mandatory part of an override module evaluation directive. In other words, Nginx's configuration is generally declarative. In some cases, they ar
: This article describes the schematic Nginx-Nginx Process Model 1. for more information about PHP tutorials, see. After normal execution, Nginx will have multiple processes, the most basic of which are master_process (that is, the monitoring process, also known as the main process) and worker_process (that is, the wor
/tmp/nginx/scgi \--with-pcre \--with-file-aio# Make make install3 SYSV init script is provided for Nginx:#!/bin/sh## nginx-this script starts and stops the Nginx daemon## chkconfig: -About 15# Description: ng Inx is a HTTP (s) server, HTTP (s) reverse \# Proxy and IMAP/POP3 proxy SE rver# processname:nginx# con
;
For more information, see the figure. The code will not be parsed here. although it looks complicated, it is quite convenient to use.
Common operations include creating hash and hash for search.
Create hash:
1. construct an array of ngx_hash_key_t members, including the key, value, and a hash value calculated using the key.
2. construct a variable of the ngx_hash_init_t struct, which contains the ngx_h
the normal execution of Nginx will have a number of processes, the most basic master_process (that is, the monitoring process, also known as the main process) and worker_process (that is, the work process), there may be cache-related processes. These processes communicate with each other in order to pass some information (mainly the monitoring process is passed to the worker process). In addition to the communication between their own processes,
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.