A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.

The Meltdown and Spectre vulnerabilities stem from commonly found security flaws in microprocessors. They require patches to most OSs.

Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.

In this blog post, we describe the basics of logging and debugging with ModSecurity and provide audit log and debug log examples

NGINX Plus R13, with more dynamic deployments, enhanced debugging, and improved security, is now available free to NGINX Plus subscribers

In this blog we cover how to protect your website by compiling and installing ModSecurity 3.0 for NGINX Open Source. ModSecurity 3.0 is a complete redesign of ModSecurity that works natively with NGINX.

Tyler Shields of Signal Sciences explains the alphabet soup of security-related terms, starting with WAF, and how they work together.

The NGINX Plus with ModSecurity web application firewall (WAF) protects you from a broad range of security threats, including DDoS attacks, SQLi, and XSS.

Stepan Ilyan, cofounder of Wallarm, offers 10 tips for building a security shield to protect your site from all kinds of attacks, using Wallarm & NGINX

The NGINX Plus Certified Module from Stealth Security protects your websites and applications from all types of attacks and unwanted traffic.