31.07.2025

Nginx Security: How to Control Resources and Set Limits for a Safer Server

Nginx is one of the best popular webservers today. Its popularity is due to the fact that it is very fast and easy to set up. Other side of this popularity - nginx is often being a target of malicious attacks. So, if your nginx is not limited by available resources, your server may totally "fall" when nginx spent all system resources. That's why you should control and limit resources Nginx consumed.

All limits are sets in nginx configuration file. I will describe it on Ubuntu 20.04 as example. All changes will be made in /etc/nginx/nginx.conf file. Each directive should end with a semicolon. I will describe the most important parameters further.

Global settings

These settings will affect on whole server. Parameters description is:

Disk operations

These settings define how to nginx operate with disk drive:

Compression and caching

You may cache some data to do nginx faster. Compression will reduce traffic flow:

Security settings

You may restrict access for scrapers, bots, downloaders etc. Just add construct like below to restricted location:

if ($http_user_agent ~* LWP::curl|wget|*bot) {

return 403;

}

Also, you can allow access to some website areas via defined IPs only. It could be useful to restrict access to admin area e.g.:

location /admin/ {
## allow access from your IP
allow xxx.xxx.xxx.xxx/32;
## drop all other connections
deny all;
}

Conclusion

Nginx is a powerful and efficient web server widely used for its speed and flexibility. However, its popularity makes it a frequent target for various attacks and resource abuse attempts. Properly configuring resource limits and access controls in your Nginx setup is essential to maintain server stability, prevent overloads, and protect sensitive areas from unauthorized access. By tuning global connection limits, optimizing disk operations, enabling compression and caching, and implementing security restrictions like IP-based access control and user-agent filtering, you can significantly improve both performance and security of your server. Always remember to regularly review and adjust these settings based on your server’s workload and traffic patterns to ensure optimal protection and efficiency.

You may be also interested in

FAQ