Security - nginx size limits

Description

An nginx production webserver should prevent buffer attacks. While there are defaults for the different client request buffer settings and size limits, it might be worth minimizing them as much as possible.

Solution

printf "client_body_buffer_size 1K;\nclient_header_buffer_size 1k;\nclient_max_body_size 1k;\nlarge_client_header_buffers 2 1k;\n" >/etc/nginx/conf.d/50-size-limits.conf

Check Script: security-nginx-size-limits.sh

settings="
client_body_buffer_size
client_header_buffer_size
client_max_body_size
large_client_header_buffers
"

locations="/etc/nginx /usr/local/nginx/conf"

for dir in $locations; do
    if [ -d "$dir" ]; then
        for s in $settings; do
            # result_failed is defined outside this script, by whatever runs the check
            if ! rgrep -q "$s[[:space:]][[:space:]]*[1-9]" "$dir"/*-enabled "$dir"/conf.d; then
                result_failed "$s is not set anywhere in $locations"
            fi
        done
    fi
done
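
The check above only confirms that each directive appears with a value starting in 1-9; it does not look at how large that value is. As an added example (not part of the original check script), the following converts every configured size to bytes and compares it with a ceiling. The function names, the 1024-byte ceiling and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original check script.

# Convert an nginx size (plain bytes, or k/K, m/M, g/G suffix) to bytes.
size_to_bytes() {
    num=${1%[kKmMgG]}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    # Drop leading zeros so the shell does not read the number as octal.
    while [ "${num#0}" != "$num" ] && [ ${#num} -gt 1 ]; do num=${num#0}; done
    case $1 in
        *[kK]) echo $((num * 1024)) ;;
        *[mM]) echo $((num * 1024 * 1024)) ;;
        *[gG]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Read nginx config text on stdin; $1 is the ceiling in bytes.
# Prints one line per finding and returns non-zero if there is any.
check_size_limits() {
    max=$1 rc=0 conf=$(cat)
    for d in client_body_buffer_size client_header_buffer_size \
             client_max_body_size large_client_header_buffers; do
        # Every occurrence counts (http, server and location blocks may each
        # set one). The size is the last argument: large_client_header_buffers
        # takes "number size".
        sizes=$(printf '%s\n' "$conf" | awk -v d="$d" '
            { sub(/#.*/, "") }
            $1 == d { sub(/;.*/, ""); print $NF }')
        if [ -z "$sizes" ]; then
            echo "$d: not set"; rc=1; continue
        fi
        for s in $sizes; do
            if ! bytes=$(size_to_bytes "$s"); then
                echo "$d: cannot parse '$s'"; rc=1
            elif [ "$d" = client_max_body_size ] && [ "$bytes" -eq 0 ]; then
                echo "$d: 0 disables the body size check"; rc=1
            elif [ "$bytes" -gt "$max" ]; then
                echo "$d: $s exceeds $max bytes"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample input, not taken from a real server.
SAMPLE_CONF='client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 8m;  # above a 1k policy
large_client_header_buffers 2 1k;'

printf '%s\n' "$SAMPLE_CONF" | check_size_limits 1024 || true
```

To run it against a live configuration, pipe the output of `nginx -T` into `check_size_limits` so that included files are covered as well.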