Jump to content

nginx Reverse Proxy in Front of IPS


Recommended Posts

The question is what benefit are you looking to gain from it.  Adding that layer in front is going to make things more difficult for you going forward.  For example, if Nginx has something cached, and you make a change in the ACP to a theme or a setting...  but it does not bust the Nginx cache, you could be stuck troubleshooting other issues you did not anticipate or need to potentially address.  

You're going to have to weigh if the benefit that comes from adding it is outweighed by the potential problems and the extra maintenance involved.  

Link to comment
Share on other sites

1 hour ago, Randy Calvert said:

The question is what benefit are you looking to gain from it.

I was thinking security.

I use Nginx reverse proxy with the open source ModSecurity (Web Application Firewall) module for other public facing servers for compliance reasons, and want to do the same with IPS.

"Even when you understand security, it is difficult to create secure applications, especially when working under the pressures so common in today’s enterprise. The NGINX ModSecurity Web Application Firewall (WAF) protects applications against sophisticated Layer 7 attacks that might otherwise lead to systems being taken over by attackers, loss of sensitive data, and downtime. The NGINX ModSecurity WAF is based on the widely used ModSecurity open source software. "

 

  • Detect and stop a broad range of Layer 7 attacks:
  • SQL injection (SQLi), cross‑site scripting (XSS), and Local File Include (LFI), which which together account for over 90% of known Layer 7 attacks
  • Cross‑site request forgery (CSRF), Remote File Include (RFI), remote code execution (RCE), and HTTP protocol violations
  • Other common attack vectors, detected by your own custom regex‑based rules

 

1 hour ago, Randy Calvert said:

For example, if Nginx has something cached

I hear that, we could disable caching...

 

Edited by gigantor
Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...