If we have an API service and want to publish to public, better use a reverse proxy like nginx to handle all the dirty traffic trying to taken down your services.
With Nginx you will make your API server live prosper and not minding the dirty request which should not coming on your server if not using Nginx in front of it.
So lets do the Nginx configuration for securing your backend API server.
add_header
Cache-Control public;
add_header X-frame-Options
"DENY";
add_header X-Xss-Protection "1;
mode=block" always;
add_header
Content-Security-Policy-Report-Only "script-src https://skyway.shineapi.net";
add_header X-Content-Type-Options
"nosniff" always;
add_header Strict-Transport-Security
'max-age=31536000;includeSubDomains;preload;' always;
add_header Referrer-Policy
no-referrer-when-downgrade;
if ($http_referer = "") { return 403; }
With above configuration, any request incoming your API will be handled by Nginx and protected by the header config which is web security standards for securing any web app in the wild.
For the explanation i will put on another blog post for details.
0 comments:
Post a Comment