awesome-nginx-security

A curated list of awesome links related to application/API security in NGINX environment.

Articles

• Building a Security Shield for Your Applications with NGINX
• Pitfalls and Common Security Mistakes in NGINX configuration
• Let's Encrypt & Nginx
• Installing the Nginx Plus with mod_security WAF
• CloudFlare's new WAF: compiling to Lua (based on Nginx)
• Tips to harden your nginx configuration
• How To Protect an Nginx Server with Fail2Ban on Ubuntu 14.04
• Important steps to take to make an Nginx server more secure
• Building Security into Cloud Native Apps with NGINX

Talks

• AppSecCali 2019 Lightning Talk - Building Cloud-Native Security for Apps and APIs with NGINX/Kubernetes - super practical
• Let's Encrypt TLS for Every (video)
• Behavior Based Security with Repsheet: Aaron Bedra @nginxconf 2014 (video)
• Scripting NGINX for Overload Protection (video)
• Naxsi, a WAF for NGINX (video)

Configuration

• gixy - a tool to analyze Nginx configuration to prevent security misconfiguration
• nginxconfig.io - GitHub - Online nginx configuration generator for general purposes.

WAF for NGINX. Protect APIs, applications and microservices

• mod_security - mod_security for NGINX
• naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
• NGINX 3rd Party Modules - a list of third-party modules (including security-related) for NGINX and NGINX Plus, created and maintained by members of the NGINX community
• Wallarm - Advanced Cloud-Native WAF

WAF for Kubernetes. Protect Cloud Native Apps

• WAF for Kubernetes - Deploy WAF in Kubernetes on Ingeress Controller or as a sidecr proxy

Bot mitigation / Anti-scrapping / Account take-over prevention

• testcookie-nginx-module - Simple robot mitigation module using cookie based challenge/response technique

NGINX forks

• SEnginx - Security-Enhanced nginx
• lua-resty-waf - High-performance WAF built on the OpenResty stack

Other

• Secure nginx config. GIST - nginx configuration for improved security and performance