03.06.2023

Nginx security. Control Resources and Limits

Nginx is one of the most popular web servers today. Its popularity is due to the fact that it is very fast and easy to set up. The other side of this popularity is that nginx is often a target of malicious attacks. So, if the resources available to nginx are not limited, your server may go down completely when nginx uses up all system resources. That's why you should control and limit the resources nginx consumes.

All limits are set in the nginx configuration file. I will use Ubuntu 20.04 as an example. All changes will be made in the /etc/nginx/nginx.conf file. Each directive must end with a semicolon. I describe the most important parameters below.

Global settings

These settings affect the whole server. The parameter descriptions are:

Disk operations

These settings define how nginx works with the disk:

Compression and caching

You can cache some data to make nginx faster. Compression reduces traffic:

Security settings

You can restrict access for scrapers, bots, downloaders, etc. Just add a construct like the one below to the restricted location:

if ($http_user_agent ~* LWP::curl|wget|bot) {
    ## ~* is a case-insensitive regex match on the User-Agent header
    return 403;
}

Also, you can allow access to some areas of the website only from defined IPs. This is useful for restricting access to the admin area, e.g.:

location /admin/ {
    ## allow access from your IP
    allow xxx.xxx.xxx.xxx/32;
    ## drop all other connections
    deny all;
}
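
A dry run of the two rules above against access-log lines before enabling them, as an added example that is not part of the original article. It assumes the User-Agent rule sits in location / and the IP rule in location /admin/, nginx's default "combined" log format, the pattern LWP::curl|wget|bot (a bare leading * is not valid regex), and 203.0.113.10 as a stand-in for the allowed address; the log lines are constructed.

```python
import ipaddress
import re

# Alternatives from the User-Agent rule; nginx "~*" is a case-insensitive match.
BLOCKED_AGENTS = re.compile(r"LWP::curl|wget|bot", re.IGNORECASE)
# Assumption: 203.0.113.10 stands in for the xxx.xxx.xxx.xxx placeholder.
ADMIN_ALLOW = [ipaddress.ip_network("203.0.113.10/32")]

# Fields of nginx's default "combined" access log format.
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def verdict(line):
    """Return (decision, reason) the two rules would give this logged request."""
    m = LOG_LINE.match(line)
    if m is None:
        return "skip", "unparsed"
    path = m["uri"].split("?", 1)[0]  # location matching ignores the query string
    if path.startswith("/admin/"):
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            return "skip", "unparsed"
        if any(addr in net for net in ADMIN_ALLOW):
            return "pass", "admin: allowed IP"
        return "403", "admin: deny all"
    if BLOCKED_AGENTS.search(m["agent"]):
        return "403", "user agent matched"
    return "pass", "no rule matched"

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '203.0.113.10 - - [03/Jun/2023:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [03/Jun/2023:10:00:02 +0000] "GET /admin/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [03/Jun/2023:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Wget/1.20.3 (linux-gnu)"',
    '192.0.2.44 - - [03/Jun/2023:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '192.0.2.45 - - [03/Jun/2023:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.68.0"',
]

def dry_run(lines):
    return [verdict(line) for line in lines]

if __name__ == "__main__":
    for line, (decision, reason) in zip(SAMPLE, dry_run(SAMPLE)):
        print(decision, reason, "|", line.split('"')[-2])
```

On the sample, the Googlebot line is rejected because "bot" matches any agent containing it, while plain curl passes because LWP::curl is a single literal alternative.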

Conclusion

In this article I described how to optimize how your nginx works and gave some advice on basic security improvements.