NGINX Shibboleth Module: SSO Authentication Guide
by Danila Vershinin, March 22, 2026
Learn how to integrate NGINX with Shibboleth SSO using the nginx-http-shibboleth module. This guide covers installation, configuration of the FastCGI authorizer, secure attribute passing to backend applications, and critical anti-spoofing measures for production deployments.
Read More...NGINX Rewrite Response Status Code Module Guide
by Danila Vershinin, March 20, 2026
Learn how to rewrite HTTP response status codes in NGINX using the rewrite_status module. Change upstream status codes conditionally without losing the response body — something native NGINX cannot do.
Read More...NGINX Request Cookies Filter Module
by Danila Vershinin, March 19, 2026
Learn how to filter, strip, rewrite, and add cookies in NGINX request headers before they reach your upstream servers. The request cookies filter module gives you fine-grained control over incoming cookies for privacy compliance, security hardening, and cache optimization.
Read More...NGINX CDN Loop Detection: Prevent Request Loops
by Danila Vershinin, March 14, 2026
Learn how to prevent infinite request loops in NGINX CDN and reverse proxy configurations using the loop detect module. This module implements RFC 8586’s CDN-Loop header to track request hops and automatically block runaway loops before they consume server resources.
Read More...Accept-Encoding Normalization in NGINX for Better Caching
by Danila Vershinin, March 1, 2026
Learn how to normalize Accept-Encoding headers in NGINX to prevent cache variant explosion. The compression-normalize module standardizes client compression preferences, dramatically improving proxy cache hit rates when using Vary: Accept-Encoding.
Read More...NGINX Security Headers Module: Complete Configuration Guide
by Danila Vershinin, February 21, 2026
Configure NGINX security headers the right way with the ngx_security_headers module. This comprehensive guide covers all directives including X-Frame-Options, Referrer-Policy, HSTS, Cross-Origin policies, and automatic header hiding. Includes installation, configuration examples, and security best practices.
Read More...NGINX max_headers: Prevent Header-Flooding DoS
by Danila Vershinin, February 8, 2026
Learn how to use the max_headers directive in nginx-mod to limit the number of HTTP request headers and protect your server from header-flooding DoS attacks. Includes installation, configuration, and testing on RHEL-based systems.
Read More...NGINX Length Hiding Module: Does It Actually Prevent BREACH Attacks?
by Danila Vershinin, February 2, 2026
The NGINX length hiding module is often recommended for BREACH attack mitigation, but security research shows it only slows down attacks, not prevents them. Learn what actually protects against BREACH: SameSite cookies, CSRF token rotation, and proper application architecture.
Read More...NGINX CORS Configuration: The Complete Guide
by Danila Vershinin, January 24, 2026
Learn how to properly configure CORS in NGINX with this comprehensive guide. Discover why most tutorials are wrong, understand the critical `always` parameter, handle preflight requests, and implement production-ready configurations for credentials and multiple origins.
Read More...NGINX Security Headers, the right way
by Danila Vershinin, May 31, 2020
How to add NGINX security headers without configuration pitfalls and in a consistent way that will make your website safe for visitors
Read More...Recommended Web Hosting
