We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
Owen Garrett
Job title : Sr. Director, Product Management
Company : NGINX
Owen Garrett leads the product and go-to-market strategy for NGINX’s web acceleration and delivery technologies. Owen has over 15 years of experience in software engineering and product leadership at companies such as Riverbed. Today, Owen uses his technical and management expertise to optimize NGINX products and customer satisfaction.
Sort by
Global Server Load Balancing with NS1 and NGINX Plus
The NGINX agent for NS1 provides rich load and availability data to the NS1 global server load balancing service, for more agile and sophisticated DNS-based load balancing for sites and apps proxied by NGINX Plus at multiple locations. Our deployment guide provides complete instructions.
Do You Need A Service Mesh? – EMEA
Service mesh is one of the hottest emerging technologies. But do you really need a service mesh? Attend this webinar to learn about the app modernization journey and traffic management approaches for microservice-based apps. We'll help you figure out if you really need a service mesh.
Do You Need A Service Mesh?
Service mesh is one of the hottest emerging technologies. But do you really need a service mesh? Attend this webinar to learn about the app modernization journey and traffic management approaches for microservice-based apps. We'll help you figure out if you really need a service mesh.
Facing the Hordes on Black Friday and Cyber Monday
NGINX and NGINX Plus act as a "shock absorber" for traffic spikes like the ones on Black Friday and Cyber Monday. Thanks to enterprise-grade load balancing, connection and rate limiting, and caching, you can provide the flawless shopping experience that keeps your customers coming back.
Announcing NGINX Ingress Controller for Kubernetes Release 1.5.0
Release 1.5.0 of the NGINX Ingress Controller for Kubernetes introduces a new configuration schema, extended Prometheus-based metrics, simplifications to TLS configuration, support for load balancing traffic to ExternalName services, and a new repository for Helm charts.
Sampling Requests with NGINX Conditional Logging
With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.
Protecting SSL Private Keys in NGINX with HashiCorp Vault
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Secure Distribution of SSL Private Keys with NGINX
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
Do I Need a Service Mesh?
"Service mesh" is a hot topic, but as of early 2019 most implementations are not production-ready. In this blog we offer advice on adopting existing technologies that are likely to meet the needs of all but the most complex applications until such time as service mesh is more mature.