ModSecurity: Logging and debugging

2017-10-23 KENNETH 0

“ModSecurity will help you sleep better at night because, above all, it solves the visibility problem: it lets you see your web traffic.” – Ivan Ristic, ModSecurity creator When something is not working as you expect it to, logs are always the first place to look. Good logs can provide valuable insights to help you troubleshoot the problems you’re facing. One of the reasons Ivan Ristic originally created ModSecurity is that he was frustrated with [ more… ]

Detecting Homepage Defacement With Active Health Checks

2017-10-12 KENNETH 0

Running the public-facing website for any organization is no easy task. Considered by the business to be mission critical, a website requires 100% uptime and flawless stability. And yet, the same website is also expected to be updated frequently to meet the needs of the organization. This dichotomy of requirements between stability and constant change is one of the key challenges facing operations teams. But perhaps a bigger challenge is defending against bad actors, hackers, and “script kiddies”. Homepage defacement is the digital equivalent of graffiti across the front of your storefront or headquarters. Homepage defacement is a constant threat, and when it happens, it can make for unwanted attention and much embarrassment. Those responsible for running the website may also find that homepage defacement can result in a difficult discussion with the [ more… ]

Official Ansible Galaxy NGINX Roles Out Now

2017-10-07 KENNETH 0

NGINX has now created officially supported Ansible Roles for the open source NGINX software and NGINX Plus available on Ansible Galaxy. These Ansible Roles will be in continual development to support customer use cases. Within Ansible, the automation engine for application deployment, a Playbook allows users to install and configure applications across multiple servers, environments, and operating systems, all from one central location. An Ansible Role, in turn, bundles Ansible variables, tasks, and handlers into a clearly defined file structure. An Ansible Role can be dropped into an Ansible Playbook and immediately put to work. You can find community-developed roles at Ansible Galaxy, a free site for sharing, finding, and downloading roles. Downloading roles from Ansible Galaxy is a great way to jumpstart your automation projects. Installing the NGINX Ansible Galaxy Roles is [ more… ]

The NGINX WAF with ModSecurity and Project Honeypot

2017-10-07 KENNETH 0

“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” – Warren Buffett To help fight crime, the FBI maintains a public Ten Most Wanted list, a list of the most dangerous criminals out there. Anyone who sees someone on the list can call the police, making it more difficult for these criminals to commit more crimes. In the world of technology, there’s a similar concept called Project Honeypot. Project Honeypot maintains a list of known malicious IPs. The list is available for free to the public. ModSecurity integrates with Project Honeypot and can automatically block IP addresses on the Project Honeypot list. This process is known as IP reputation. In this blog post, we’ll cover how to configure ModSecurity [ more… ]

Using Free SSL/TLS Certificates from Let’s Encrypt with NGINX

2017-10-05 KENNETH 0

Also see our blog post from nginx.conf 2015, in which Peter Eckersley and Yan Zhu of the Electronic Frontier Foundation introduce the then-new Let’s Encrypt certificate authority. It’s now a well-known fact that SSL encrypting of your website leads to higher search rankings and better security for your users. However, there are a number of barriers that have prevented website owners from adopting SSL. Two of the biggest barriers have been the cost and the manual processes involved in getting a certificate. But now, with Let’s Encrypt, this is no longer a concern. Let’s Encrypt makes SSL encryption freely available to everyone. Let’s Encrypt is a free, automated, and open certificate authority. Yes, that’s right: SSL/TLS certificates for free. Certificates issued by Let’s Encrypt are trusted by most browsers today, including [ more… ]