Disable weak ciphers – proxy_ssl_ciphers Details The ssl_ciphers directive should be used to configure the available ciphers on your web server, and the proxy_ssl_ciphers directive...
Disable weak ciphers – ssl_prefer_server_ciphers Details The ssl_prefer_server_ciphers directive should be set to on so that the server's cipher preference order, rather than the client's, decides which suite is negotiated; combined with a restrictive ssl_ciphers list this keeps a client from steering the handshake toward a weak suite...
Ensure access logging is enabled Details The access_log directive should be on for every core site. It is enabled by default. Rationale: Access logging allows...
Ensure access to NGINX directories and files is restricted Details Permissions on the /etc/nginx directory should enforce the principle of least privilege. Rationale: This ensures that only users who...
Ensure a trusted certificate and trust chain is installed Details Certificates and their trust chains are needed to establish the identity of a web server as legitimate and trusted....
Ensure custom Diffie-Hellman parameters are used Details Custom Diffie-Hellman (DH) key exchange parameters should be used. DH Ephemeral (DHE) parameters with at least 2048 bits should...
Ensure default error and index.html pages do not reference NGINX Details The default error and index.html pages for NGINX reveal that the server is NGINX. These default pages should be...
Ensure detailed logging is enabled Details System logging should be configured to meet your organizational security and privacy policies. Enabling detailed logging to include information...
Ensure error logging is enabled and set to the info logging level Details All errors for applications should be logged. Rationale: Error logging can be useful in identifying an attacker attempting to...
Ensure HTTP is redirected to HTTPS Details Browsers and other clients establish encrypted connections to servers over HTTPS; requests sent over plain HTTP are unencrypted. Unencrypted requests should...
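The checklist items above (weak ciphers on the server and proxy side, ssl_prefer_server_ciphers, access and error logging, directory permissions, certificate chain, custom DH parameters, custom error pages, detailed log format, and the HTTP-to-HTTPS redirect) are all expressed as NGINX directives, so a single configuration can show them together and a small script can audit a config for them. The following is an added example written for this page, not code from the checklist's author: a hardened http block, a grep-based audit that fails when a control is missing or a weak cipher survives the exclusion list, a permission check for the config tree, and the openssl command that produces the DH parameters. Hostnames, file paths, the upstream backend.internal, and the log_format name "detailed" are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original checklist page). Paths, hostnames and
# the "detailed" log_format name are assumptions chosen for illustration.

# Hardened http block covering the checklist items, as a literal config.
hardened_conf() {
cat <<'EOF'
http {
    server_tokens off;   # drops the version; default error pages still say "nginx"

    # Detailed access log: client, user, request, status, referer, UA, timing
    log_format detailed '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" rt=$request_time';
    access_log /var/log/nginx/access.log detailed;
    error_log  /var/log/nginx/error.log info;

    # Custom DH parameters (>= 2048 bits), produced by ensure_dhparam below
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;

    server {                                   # plain HTTP only redirects
        listen 80;
        server_name example.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name example.com;
        # leaf certificate followed by the intermediate(s) completing the chain
        ssl_certificate     /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/example.com.key;

        error_page 404 /custom_404.html;               # no NGINX branding
        error_page 500 502 503 504 /custom_50x.html;

        location /api/ {                               # same policy upstream
            proxy_pass https://backend.internal;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
            proxy_ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES;
        }
    }
}
EOF
}

# Audit: read a config on stdin, print one FAIL line per missing control and
# return non-zero if anything failed. Line-oriented grep, so it assumes one
# directive per line as nginx configs are conventionally written.
audit_nginx_conf() {
    CONF=$(cat); FAILS=0
    need() {  # need <description> <extended regex that must match some line>
        printf '%s\n' "$CONF" | grep -Eq "$2" || { echo "FAIL: $1"; FAILS=$((FAILS + 1)); }
    }
    need "ssl_prefer_server_ciphers on"   '^[[:space:]]*ssl_prefer_server_ciphers[[:space:]]+on;'
    need "ssl_dhparam configured"         '^[[:space:]]*ssl_dhparam[[:space:]]+'
    need "certificate and key configured" '^[[:space:]]*ssl_certificate_key[[:space:]]+'
    need "access logging enabled"         '^[[:space:]]*access_log[[:space:]]+/'
    need "detailed log_format defined"    '^[[:space:]]*log_format[[:space:]]+'
    need "error_log at info level"        '^[[:space:]]*error_log[[:space:]]+[^;]*[[:space:]]info;'
    need "HTTP redirected to HTTPS"       'return[[:space:]]+301[[:space:]]+https://'
    need "custom error pages"             '^[[:space:]]*error_page[[:space:]]+'
    # Weak suite names that survive after dropping the '!'-excluded entries of
    # every ssl_ciphers / proxy_ssl_ciphers value.
    if printf '%s\n' "$CONF" \
        | sed -n 's/^[[:space:]]*\(proxy_\)\{0,1\}ssl_ciphers[[:space:]]*\([^;]*\);.*/\2/p' \
        | tr ':' '\n' | grep -v '^!' | grep -Eq 'RC4|MD5|DES|NULL|EXPORT|ADH|AECDH'; then
        echo "FAIL: weak cipher suite allowed"; FAILS=$((FAILS + 1))
    fi
    [ "$FAILS" -eq 0 ]
}

# Least privilege on the config tree: nothing world-writable, and private keys
# readable only by their owner. Lists offenders, non-zero if any were found.
check_nginx_perms() {  # check_nginx_perms <dir>
    bad=$( { find "$1" -perm -002
             find "$1" -name '*.key' \( -perm -004 -o -perm -040 \); } 2>/dev/null )
    [ -z "$bad" ] || { printf 'FAIL: loose permissions:\n%s\n' "$bad"; return 1; }
}

# Generate custom DH parameters once (2048 bits takes minutes on a slow host).
ensure_dhparam() {  # ensure_dhparam <path>
    [ -s "$1" ] || openssl dhparam -out "$1" 2048
    chmod 644 "$1"   # public parameters; keep the file root-owned under /etc/nginx
}
```

Run the audit against a live config with `nginx -T | audit_nginx_conf` (nginx -T dumps the fully resolved configuration including every include), and `check_nginx_perms /etc/nginx` as root. The cipher check deliberately strips entries prefixed with `!` before looking for weak names, so an exclusion list such as `!MD5:!RC4` passes while an allow list containing the same names fails.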