The NGINX Controller API Management Module secures your APIs at every API touchpoint – authenticating and authorizing third-party client applications and developers, rate limiting API calls to mitigate DDoS attacks, and protecting backend applications that process the API calls.
PCI DSS Best Practices with NGINX Plus
It's easy to implement PCI DSS best practices, such as using new versions of TLS rather than the older SSL, encrypting upstream as well as downstream communications, and adding a WAF, with NGINX Plus. Taking these steps will help you pass PCI DSS audits. Here's how to implement them.
Trust No One: The Perils of Trusting User Input
A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.
Top 5 NGINX Blog Posts for 2017 – NGINX Plus R12, Microservices, & More
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.
ModSecurity: Logging and Debugging
In this blog post, we describe the basics of logging and debugging with ModSecurity and provide audit log and debug log examples
Dynamic IP Denylisting with NGINX Plus and fail2ban
We implement dynamic IP address-based denylisting using the NGINX Plus key-value store and fail2ban, which monitors log files for suspicious activity
Announcing NGINX Plus R13
NGINX Plus R13, with more dynamic deployments, enhanced debugging, and improved security, is now available free to NGINX Plus subscribers
Compiling and Installing ModSecurity for NGINX Open Source
In this blog we cover how to protect your website by compiling and installing ModSecurity 3.0 for NGINX Open Source. ModSecurity 3.0 is a complete redesign of ModSecurity that works natively with NGINX.
Web Application Security
Tyler Shields of Signal Sciences explains the alphabet soup of security-related terms, starting with WAF, and how they work together.
Announcing General Availability of the NGINX ModSecurity WAF for NGINX Plus
The NGINX Plus with ModSecurity web application firewall (WAF) protects you from a broad range of security threats, including DDoS attacks, SQLi, and XSS.