NGINX Unit is a dynamic web application server, designed to run applications in multiple languages. Unit is lightweight, polyglot, and dynamically configured via API. The design of the server allows reconfiguration of specific application parameters as needed by the engineering or operations. NGINX Unit is currently available as a beta. As such, it is suitable…
What is ALPN ? Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension for application layer protocol negotiation. ALPN allows the application layer to negotiate which protocol should be performed over a secure connection in a manner which avoids additional round trips and which is independent of the application layer protocols. It is…
What is TFO ? In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with…
How to block access by user agent in Nginx. In this configuration, i will use ngx_http_map_module. Inside http section: include /etc/nginx/blacklist; Inside server section (virtual host). We will return 444 status code. if ($block_ua) { return 444; } The blacklist file (example) map $http_user_agent $block_ua { default 0; ~*profound 1; ~*scrapyproject 1; ~*netcrawler 1; ~*nmap…
HTTP DoS Protection with Nginx through ngx_http_limit_conn_module and ngx_http_limit_req_module modules. The ngx_http_limit_conn_module module is used to limit the number of connections per the defined key, in particular, the number of connections from a single IP address. Not all connections are counted. A connection is counted only if it has a request processed by the server…