# awesome-nginx-security

A curated list of awesome links related to application/API security in an NGINX environment.

## Talks

- [Let's Encrypt TLS for Every (video)](https://www.youtube.com/watch?v=ac4tE4_4nU0)
- [Behavior Based Security with Repsheet: Aaron Bedra @nginxconf 2014 (video)](https://www.youtube.com/watch?v=9AyaVxzqYoA)
- [Making applications secure with NGINX (video)](https://www.youtube.com/watch?v=rNNRGDAZeKY)
- [Scripting NGINX for Overload Protection (video)](https://www.youtube.com/watch?v=uFm-tp4t2mE)
- [Naxsi, a WAF for NGINX (video)](https://www.youtube.com/watch?v=JiJHCodn_PQ)

## Articles

- [Building a Security Shield for Your Applications with NGINX & Wallarm](https://www.nginx.com/blog/build-application-security-shield-with-nginx-wallarm)
- [Let's Encrypt & Nginx](https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/)
- [Installing the Nginx Plus with mod_security WAF](https://www.nginx.com/resources/admin-guide/nginx-plus-modsecurity-waf-installation-logging/)
- [CloudFlare's new WAF: compiling to Lua (based on Nginx)](https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/)
- [Tips to harden your nginx configuration](https://www.acunetix.com/blog/articles/nginx-server-security-hardening-configuration-1/#comment-16863)
- [Important steps to take to make an Nginx server more secure](https://help.dreamhost.com/hc/en-us/articles/222784068-The-most-important-steps-to-take-to-make-an-Nginx-server-more-secure)

## Configuration

- [gixy](https://github.com/yandex/gixy/) - a tool to analyze Nginx configuration to prevent security misconfiguration

## WAFs (Web Application Firewall) for Nginx

- [mod_security](https://github.com/SpiderLabs/ModSecurity-nginx) - mod_security for NGINX
- [naxsi](https://github.com/nbs-system/naxsi) - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
- [wallarm](https://wallarm.com) - NG-WAF for NGINX with security rules adjusted with AI

## Bot mitigation / Anti-scraping / Account take-over prevention

- [testcookie-nginx-module](https://github.com/kyprizel/testcookie-nginx-module) - Simple robot mitigation module using cookie based challenge/response technique

## NGINX forks

- [SEnginx](https://github.com/NeusoftSecurity/SEnginx) - Security-Enhanced nginx
- [lua-resty-waf](https://github.com/p0pr0ck5/lua-resty-waf) - High-performance WAF built on the OpenResty stack

## Other

- [Secure nginx config. GIST](https://gist.github.com/plentz/6737338) - nginx configuration for improved security and performance