ajblane/Nginx-Hardened-Mode

Hardened Mode for Nginx

Nginx-Hardened-Mode

Hardened Mode for Nginx

• Requirements
• Features
  • drop requests from unrusted source address
  • get latest ip list of trusted service automatically
  • immediately error reporting
• Roadmap
• Known Issue
• Contact Us

Requirements

• libcjson1
• nginx==1.18.0

Features

Drop Request from Untrusted Source Address

If a request comes from an address out of trusted list, it'll be drop immediately.

Get Latest IPs List of Trusted Service Automatically

Make it easier to deal with ips lists provided by numerous well-known services which changed frequently. Currently supported: cloudflare, fastly.

Immediately Error Reporting

Auto reporting while failed over to Normal Mode (Behavior of Original Nginx) by WebHook.

Roadmap

• ✅ Source IP address validation
• ✅ IP List of CDN (ex: cloudflare, fastly...etc)
• 🚀 IP List of Public Cloud (ex: gcp, azure, aws, akamai... etc)
• 🚀🚀 Secret Sauce :)

Known Issues

• Commands nginx -s reload and nginx -s stop might fail in certain conditions. If encounter such error, you might have to kill nginx processes manually.
• Binary compatibility (ex: Nginx MODULE SIGNATURE)

Contact Us

Be funny