
NGINX Honeypot 3.0: Advanced IP Blocking with nftables


by Danila Vershinin, February 15, 2026

NGINX Honeypot 3.0 introduces the ngx_nftset_access module – a complete rewrite using modern nftables instead of legacy ipset. Auto-ban attackers, rate-limit abusers, and challenge bots with proof-of-work puzzles, all from within NGINX.


Phantom Token NGINX Module: Secure API Gateway Auth


by Danila Vershinin, February 10, 2026

Learn how to implement the Phantom Token pattern in NGINX to secure your APIs. This module exchanges opaque access tokens for JWTs at the gateway level, protecting sensitive claims from client applications while working with any RFC 7662-compliant OAuth provider.


NGINX max_headers: Prevent Header-Flooding DoS


by Danila Vershinin, February 8, 2026

Learn how to use the max_headers directive in nginx-mod to limit the number of HTTP request headers and protect your server from header-flooding DoS attacks. Includes installation, configuration, and testing on RHEL-based systems.


fds FirewallD Made Easy: Trusted Lists


by Danila Vershinin,

Managing a Linux firewall shouldn’t require memorizing pages of firewall-cmd syntax. Yet that’s exactly what FirewallD demands for everyday tasks like blocking an abusive IP or whitelisting PayPal webhooks. Enter fds and trusted-lists — two tools from the GetPageSpeed repository that transform fds FirewallD management from painful to pleasant. Together, they give you: fds: Block […]


NGINX Digest Authentication: More Secure Than Basic Auth


by Danila Vershinin, February 7, 2026

Learn how to configure NGINX digest authentication using the ngx_http_auth_digest module. This guide covers installation, htdigest password files, brute-force protection, shared memory tuning, and when to choose digest auth over basic auth for securing your NGINX locations.


NGINX Sysguard: Automatic Protection Against Server Overload


by Danila Vershinin,

Learn how to protect your NGINX server from overload using the sysguard module. Configure load-based request rejection, memory protection, and response time monitoring for graceful degradation under pressure.


NGINX Cookie Flag Module: Set HttpOnly, Secure, and SameSite


by Danila Vershinin, February 6, 2026

Learn how to enforce HttpOnly, Secure, and SameSite cookie flags in NGINX using the cookie flag module. Step-by-step installation, configuration examples, and security best practices for protecting session cookies at the reverse proxy layer.


NGINX JavaScript Challenge: Stop Bots Without CAPTCHAs


by Danila Vershinin,

Learn how to protect your NGINX server from bots and DDoS attacks using the JavaScript challenge module. This lightweight proof-of-work solution filters automated traffic without CAPTCHAs, preserving user experience while blocking scripts that cannot execute JavaScript.


NGINX NAXSI WAF: Complete Setup and Configuration Guide


by Danila Vershinin,

Learn how to set up the NAXSI web application firewall for NGINX on Rocky Linux and RHEL. This guide covers installation, core rules, learning mode, whitelisting, libinjection integration, and production deployment of this lightweight WAF alternative to ModSecurity.


NGINX LDAP Authentication: Complete Module Setup Guide


by Danila Vershinin, February 5, 2026

Learn how to set up NGINX LDAP authentication using the nginx-auth-ldap dynamic module. This guide covers installation from pre-built packages, Active Directory integration, LDAPS encryption, multi-server failover, authentication caching, and production security hardening.
