
1.
Hide details about Nginx

By default, Nginx includes its version in the Server response header, as shown below.

Disclosing the exact version helps an attacker tailor an attack to the release that is running.

[linuxuser@centos7-nginx ~]$ curl -I http://35.225.245.112
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 23 May 2018 19:14:48 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes

Disable the information leakage by adding the line below to the http section of the nginx config file /etc/nginx/nginx.conf:

http {
  server_tokens off;
  # ... existing directives ...
}

Save the file and reload nginx:

$ sudo systemctl reload nginx

Confirm that the nginx version is no longer shown:

[linuxuser@centos7-nginx ~]$ curl -I http://35.225.245.112
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 May 2018 19:17:53 GMT
Content-Type: text/html
Content-Length: 3700
Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT
Connection: keep-alive
ETag: "5a9e5ebd-e74"
Accept-Ranges: bytes

2.
Enable X-XSS Protection

The X-XSS-Protection header instructs browsers that have a built-in reflected cross-site scripting filter to block the page when an attack is detected. Modern browsers have removed that filter, so treat this header as defence in depth alongside a Content-Security-Policy rather than as the primary control. Add the line add_header X-XSS-Protection "1; mode=block"; to the http section of the nginx config file /etc/nginx/nginx.conf:

http {
  server_tokens off;
  add_header X-XSS-Protection "1; mode=block";
  # ... existing directives ...
}

3.
Disable Undesirable HTTP methods

The HTTP methods a typical site needs are GET, HEAD and POST, while DELETE and TRACE are undesirable. TRACE in particular is risky because it enables cross-site tracing attacks that can expose cookie information.

To disable them, add the block below to the server section of the nginx config file /etc/nginx/nginx.conf:

if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 405;
}

Save the file and reload the nginx service.

4.
Prevent clickjacking attacks

In a clickjacking attack, the attacker hides the target site beneath a legitimate-looking button so that a user who clicks the button unknowingly acts on the attacker's chosen page. In most cases this is done using iframes. Hence in nginx it is recommended to send the X-Frame-Options "SAMEORIGIN" header, which tells the browser to render the page inside a frame only when the framing page comes from the same origin.

Add the line add_header X-Frame-Options "SAMEORIGIN"; to the http section of the nginx config file /etc/nginx/nginx.conf.

Save the file and reload the nginx service.
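Steps 1 to 4 can be verified from the response headers rather than eyeballed. The script below is an added example, not part of the original article: it reads the raw headers that curl -I prints on stdin and reports which hardening items are in place; the two sample header sets are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the headers from `curl -sI URL` against steps 1-4.
# Usage: curl -sI http://host | audit_nginx_headers
# Prints PASS/FAIL per check; the return value is the number of failed checks.
audit_nginx_headers() {
    hdrs=$(cat | tr -d '\r')          # normalise CRLF line endings
    fails=0
    server=$(printf '%s\n' "$hdrs" | grep -i '^Server:' | head -n1)
    case "$server" in
        */[0-9]*) echo "FAIL server_tokens: version disclosed ($server)"; fails=$((fails+1)) ;;
        *)        echo "PASS server_tokens: no version in Server header" ;;
    esac
    if printf '%s\n' "$hdrs" | grep -iqE '^X-XSS-Protection: *1; *mode=block'; then
        echo "PASS X-XSS-Protection: 1; mode=block"
    else
        echo "FAIL X-XSS-Protection: missing or not 1; mode=block"; fails=$((fails+1))
    fi
    if printf '%s\n' "$hdrs" | grep -iqE '^X-Frame-Options: *(SAMEORIGIN|DENY)'; then
        echo "PASS X-Frame-Options: framing restricted"
    else
        echo "FAIL X-Frame-Options: header missing"; fails=$((fails+1))
    fi
    return "$fails"
}

# Usage: curl -sI -X TRACE http://host | method_blocked
# Succeeds only when the status line is 405, i.e. step 3 rejects the method.
method_blocked() {
    status=$(head -n1 | tr -d '\r' | awk '{print $2}')
    [ "$status" = "405" ]
}

# Constructed sample responses (same shape as the curl -I output above).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: nginx/1.12.2
Content-Type: text/html
Connection: keep-alive'

SAMPLE_AFTER='HTTP/1.1 200 OK
Server: nginx
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Connection: keep-alive'

echo "== before hardening =="
printf '%s\n' "$SAMPLE_BEFORE" | audit_nginx_headers || echo "$? check(s) failed"
echo "== after hardening =="
printf '%s\n' "$SAMPLE_AFTER" | audit_nginx_headers && echo "all checks passed"
```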

5.
Always keep nginx up to date

Nginx updates carry the fixes for security vulnerabilities found in earlier releases. Just run the command below:

$ sudo yum update nginx
