Angel

Angel

Under review

I noticed that the default config for NGINX on ploi has this file

/etc/nginx/sites-available/catch-all

With this line

server { return 404; }

If you change this from 404 to 444

server { return 444; }

With this, when the url assigned to the server does not exit, the server won´t return a 404 with nginx version and a lot of other information, but instead it will drop directly the connection and give 0 information to the attacker/bot, etc. Easy change that will improve the ploi default server config.

Increase NGINX default security

1 total vote
Angel
  • Dennis moved item to board Under review

    7 months ago
  • Angel moved item to project Server Level Requests

    7 months ago
  • Angel created the item

    7 months ago