NGINX PTA Module: Time-Limited Token Authentication
by Danila Vershinin, February 16, 2026
Learn how to protect NGINX content with time-limited encrypted tokens using the PTA (Period of Time Authentication) module. Prevent hotlinking and enable secure, expiring download links with AES-128 encryption.
Read More...NGINX Device Detection Module: Block AI Crawlers
by Danila Vershinin, February 15, 2026
The NGINX Device Detection Module (ngx_http_device_type_module) performs high-performance device classification directly at the edge. It identifies mobile phones, tablets, desktops, gaming consoles, smart TVs, wearables, and bots—including AI crawlers like GPTBot and ClaudeBot. Traditional device detection solutions rely on external API calls. This adds latency and per-request costs. The NGINX device detection module performs detection […]
Read More...NGINX Honeypot 3.0: Advanced IP Blocking with nftables
by Danila Vershinin,
NGINX Honeypot 3.0 introduces the ngx_nftset_access module – a complete rewrite using modern nftables instead of legacy ipset. Auto-ban attackers, rate-limit abusers, and challenge bots with proof-of-work puzzles, all from within NGINX.
Read More...NGINX max_headers: Prevent Header-Flooding DoS
by Danila Vershinin, February 8, 2026
Learn how to use the max_headers directive in nginx-mod to limit the number of HTTP request headers and protect your server from header-flooding DoS attacks. Includes installation, configuration, and testing on RHEL-based systems.
Read More...fds FirewallD Made Easy: Trusted Lists
by Danila Vershinin,
Managing a Linux firewall shouldn’t require memorizing pages of firewall-cmd syntax. Yet that’s exactly what FirewallD demands for everyday tasks like blocking an abusive IP or whitelisting PayPal webhooks. Enter fds and trusted-lists — two tools from the GetPageSpeed repository that transform fds FirewallD management from painful to pleasant. Together, they give you: fds: Block […]
Read More...NGINX Digest Authentication: More Secure Than Basic Auth
by Danila Vershinin, February 7, 2026
Learn how to configure NGINX digest authentication using the ngx_http_auth_digest module. This guide covers installation, htdigest password files, brute-force protection, shared memory tuning, and when to choose digest auth over basic auth for securing your NGINX locations.
Read More...NGINX Sysguard: Automatic Protection Against Server Overload
by Danila Vershinin,
Learn how to protect your NGINX server from overload using the sysguard module. Configure load-based request rejection, memory protection, and response time monitoring for graceful degradation under pressure.
Read More...NGINX Cookie Flag Module: Set HttpOnly, Secure, and SameSite
by Danila Vershinin, February 6, 2026
Learn how to enforce HttpOnly, Secure, and SameSite cookie flags in NGINX using the cookie flag module. Step-by-step installation, configuration examples, and security best practices for protecting session cookies at the reverse proxy layer.
Read More...NGINX JavaScript Challenge: Stop Bots Without CAPTCHAs
by Danila Vershinin,
Learn how to protect your NGINX server from bots and DDoS attacks using the JavaScript challenge module. This lightweight proof-of-work solution filters automated traffic without CAPTCHAs, preserving user experience while blocking scripts that cannot execute JavaScript.
Read More...NGINX NAXSI WAF: Complete Setup and Configuration Guide
by Danila Vershinin,
Learn how to set up the NAXSI web application firewall for NGINX on Rocky Linux and RHEL. This guide covers installation, core rules, learning mode, whitelisting, libinjection integration, and production deployment of this lightweight WAF alternative to ModSecurity.
Read More...Recommended Web Hosting
