NGINX Cookie Flag Module: Set HttpOnly, Secure, and SameSite
by Danila Vershinin, February 6, 2026
Learn how to enforce HttpOnly, Secure, and SameSite cookie flags in NGINX using the cookie flag module. Step-by-step installation, configuration examples, and security best practices for protecting session cookies at the reverse proxy layer.
Read More...NGINX JavaScript Challenge: Stop Bots Without CAPTCHAs
by Danila Vershinin,
Learn how to protect your NGINX server from bots and DDoS attacks using the JavaScript challenge module. This lightweight proof-of-work solution filters automated traffic without CAPTCHAs, preserving user experience while blocking scripts that cannot execute JavaScript.
Read More...NGINX NAXSI WAF: Complete Setup and Configuration Guide
by Danila Vershinin,
Learn how to set up the NAXSI web application firewall for NGINX on Rocky Linux and RHEL. This guide covers installation, core rules, learning mode, whitelisting, libinjection integration, and production deployment of this lightweight WAF alternative to ModSecurity.
Read More...NGINX LDAP Authentication: Complete Module Setup Guide
by Danila Vershinin, February 5, 2026
Learn how to set up NGINX LDAP authentication using the nginx-auth-ldap dynamic module. This guide covers installation from pre-built packages, Active Directory integration, LDAPS encryption, multi-server failover, authentication caching, and production security hardening.
Read More...NGINX TOTP Authentication: Add 2FA to Your Server
by Danila Vershinin, February 4, 2026
Learn how to add time-based one-time password (TOTP) two-factor authentication to NGINX protected locations. This guide covers installation, configuration, and security best practices for the ngx_http_auth_totp module.
Read More...NGINX Upload Module: File Upload Handling Guide
by Danila Vershinin, February 2, 2026
Learn how to configure the NGINX upload module for efficient file upload handling. This comprehensive guide covers installation, configuration directives, resumable uploads, security best practices, and performance optimization for system administrators managing production servers.
Read More...NGINX JWT Authentication Module: Secure Your APIs
by Danila Vershinin,
Learn how to implement native JWT authentication directly in NGINX using the nginx-module-jwt. This lightweight module validates JSON Web Tokens at the edge, reducing backend load and simplifying your API security architecture.
Read More...NGINX Length Hiding Module: Does It Actually Prevent BREACH Attacks?
by Danila Vershinin,
The NGINX length hiding module is often recommended for BREACH attack mitigation, but security research shows it only slows down attacks, not prevents them. Learn what actually protects against BREACH: SameSite cookies, CSRF token rotation, and proper application architecture.
Read More...NGINX Reverse DNS Module: Hostname-Based Access Control
by Danila Vershinin,
Learn how to use the NGINX reverse DNS module (ngx_http_rdns) to verify client hostnames, block malicious traffic, and authenticate legitimate crawlers like Googlebot. This guide covers installation, configuration, and security best practices.
Read More...NGINX Bot Verification: Block Fake Crawlers
by Danila Vershinin, January 31, 2026
Learn how to verify and block fake search engine bots in NGINX using the bot-verifier module. This comprehensive guide covers installation, configuration, and testing of reverse DNS verification for Googlebot, Bingbot, and other crawlers.
Read More...Recommended Web Hosting
