2017-09-05 23:29:48 +00:00
# awesome-nginx-security
2017-09-05 23:43:08 +00:00
A curated list of awesome links related to application/API security in NGINX environment.
2017-09-05 23:29:48 +00:00
## Talks
2017-09-15 02:12:24 +00:00
- [Let's Encrypt TLS for Every (video) ](https://www.youtube.com/watch?v=ac4tE4_4nU0 )
2017-09-05 23:54:58 +00:00
- [Behavior Based Security with Repsheet: Aaron Bedra @nginxconf 2014 (video) ](https://www.youtube.com/watch?v=9AyaVxzqYoA )
2017-09-15 02:09:01 +00:00
- [Making applications secure with NGINX (video) ](https://www.youtube.com/watch?v=rNNRGDAZeKY )
2017-09-15 02:10:55 +00:00
- [Scripting NGINX for Overload Protection (video) ](https://www.youtube.com/watch?v=uFm-tp4t2mE )
2017-09-15 02:17:31 +00:00
- [Naxsi, a WAF for NGINX (video) ](https://www.youtube.com/watch?v=JiJHCodn_PQ )
2017-09-05 23:43:08 +00:00
2017-09-06 00:05:30 +00:00
## Articles
2017-09-05 23:43:08 +00:00
2017-10-03 01:21:45 +00:00
- [Building a Security Shield for Your Applications with NGINX ](https://www.nginx.com/blog/build-application-security-shield-with-nginx-wallarm )
- [Pitfalls and Common Security Mistakes in NGINX configuration ](https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ )
2017-09-05 23:54:58 +00:00
- [Let's Encrypt & Nginx ](https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/ )
- [Installing the Nginx Plus with mod_security WAF ](https://www.nginx.com/resources/admin-guide/nginx-plus-modsecurity-waf-installation-logging/ )
2017-09-15 02:19:05 +00:00
- [CloudFlare's new WAF: compiling to Lua (based on Nginx) ](https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/ )
2017-09-15 02:33:39 +00:00
- [Tips to harden your nginx configuration ](https://www.acunetix.com/blog/articles/nginx-server-security-hardening-configuration-1/#comment-16863 )
2017-10-03 01:24:34 +00:00
- [How To Protect an Nginx Server with Fail2Ban on Ubuntu 14.04 ](https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04 )
2017-09-15 02:34:03 +00:00
- [Important steps to take to make an Nginx server more secure ](https://help.dreamhost.com/hc/en-us/articles/222784068-The-most-important-steps-to-take-to-make-an-Nginx-server-more-secure )
2017-09-15 02:07:16 +00:00
## Configuration
- [gixy ](https://github.com/yandex/gixy/ ) - a tool to analyze Nginx configuration to prevent security misconfiguration
2017-09-05 23:43:08 +00:00
2017-09-15 02:09:41 +00:00
## WAFs (Web Application Firewall) for Nginx
2017-09-06 00:10:44 +00:00
2017-09-06 00:12:12 +00:00
- [mod_security ](https://github.com/SpiderLabs/ModSecurity-nginx ) - mod_security for NGINX
2017-09-06 00:10:44 +00:00
- [naxsi ](https://github.com/nbs-system/naxsi ) - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
2017-10-03 01:21:45 +00:00
- [NGINX 3rd Party Modules ](https://www.nginx.com/resources/wiki/modules/ ) - a list of third-party modules (including security-related) for NGINX and NGINX Plus, created and maintained by members of the NGINX community
- [wallarm ](https://wallarm.com ) - NG-WAF for NGINX with the security rules adjusted with AI
2017-09-06 00:10:44 +00:00
2017-09-15 02:18:26 +00:00
## Bot mitigation / Anti-scrapping / Account take-over prevention
2017-09-15 02:07:16 +00:00
2017-09-06 00:05:14 +00:00
- [testcookie-nginx-module ](https://github.com/kyprizel/testcookie-nginx-module ) - Simple robot mitigation module using cookie based challenge/response technique
2017-09-15 02:07:16 +00:00
## NGINX forks
- [SEnginx ](https://github.com/NeusoftSecurity/SEnginx ) - Security-Enhanced nginx
- [lua-resty-waf ](https://github.com/p0pr0ck5/lua-resty-waf ) - High-performance WAF built on the OpenResty stack
2017-09-15 02:33:39 +00:00
## Other
- [Secure nginx config. GIST ](https://gist.github.com/plentz/6737338 ) - nginx configuration for improved security and performance
