Thursday, 28 May 2020

Securing your Web services using Nginx


If you have an API service and want to expose it to the public, it is better to put a reverse proxy such as Nginx in front of it to handle the dirty traffic that tries to take down your services.

With Nginx in front, your API server can live and prosper without having to deal with the dirty requests that would otherwise reach it directly.

So let's write the Nginx configuration for securing your backend API server.



    # Security-related response headers
    add_header Cache-Control "public";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block" always;
    # Report-Only: script-src violations are reported, not blocked
    add_header Content-Security-Policy-Report-Only "script-src https://skyway.shineapi.net";
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "no-referrer-when-downgrade";

    # Reject requests that arrive without a Referer header
    if ($http_referer = "") { return 403; }


With the above configuration, any request coming to your API is handled by Nginx first and is protected by the header configuration, which follows the web security standards for securing any web app in the wild.

I will put the detailed explanation in another blog post.
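
As an added example (not part of the original post), the Python script below audits a response's headers against the `add_header` lines above. It covers two nginx behaviours: directives without `always` are not sent on the 403 from the empty-Referer rule, and a `location` that sets its own `add_header` drops all inherited ones. Both sample responses and the `X-Request-Source` header are constructed for illustration.

```python
# Added example: audit response headers against the add_header lines on this page.
# Headers whose directive on this page carries the "always" flag:
ALWAYS = {"x-xss-protection", "x-content-type-options", "strict-transport-security"}
# Headers whose directive has no "always" flag:
CONDITIONAL = {"cache-control", "x-frame-options",
               "content-security-policy-report-only", "referrer-policy"}
# Without "always", nginx adds the header only on these status codes.
ADD_HEADER_CODES = {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}

def parse_response(raw):
    """Split a raw header block into (status_code, {lowercased name: value})."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """Report headers that should be present but are not ("missing") and headers
    the configuration itself leaves off this status code ("not_covered")."""
    status, headers = parse_response(raw)
    missing, not_covered = [], []
    for name in ALWAYS | CONDITIONAL:
        if name in headers:
            continue
        if name in ALWAYS or status in ADD_HEADER_CODES:
            missing.append(name)      # deployment problem, e.g. overridden in a location
        else:
            not_covered.append(name)  # gap by configuration: directive lacks "always"
    return {"status": status, "missing": sorted(missing),
            "not_covered": sorted(not_covered)}

# Constructed 403, as returned for a request with an empty Referer.
DENIED_403 = """HTTP/1.1 403 Forbidden
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload;
"""
# Constructed 200 from a location with its own add_header (hypothetical header name).
OVERRIDDEN_200 = """HTTP/1.1 200 OK
X-Request-Source: api
"""

if __name__ == "__main__":
    print(audit(DENIED_403), audit(OVERRIDDEN_200), sep="\n")
```

Headers listed under `not_covered` can be closed by adding `always` to the matching directive; headers under `missing` point to a block that needs the full set of `add_header` lines repeated.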

