Ensure only whitelisted HTTP methods are allowed: HTTP methods (also known as verbs) allow different actions to be requested from the web server at a specified...

Ensure package manager repositories are properly configured: Systems need to have package manager repositories properly configured to ensure they receive the latest patches and updates. Rationale:...

Ensure private key permissions are restricted: The server's private key should be protected from unauthorized access by limiting access based on the principle of least...

Ensure proxies pass source IP information: The x-forwarded-for and remote address headers help identify and separate the originating client IP address of the user agent...

Ensure proxies pass source IP information – X-Real-IP: The x-forwarded-for and remote address headers help identify and separate the originating client IP address of the user agent...

Ensure requests for unknown host names are rejected: Your host header should be part of a predefined whitelist of known good hosts, which enables blocking access to...

Ensure send_timeout is set to 10 seconds or less, but not 0: The send_timeout directive sets a timeout for transmitting a response to the client between two successive write operations. Rationale:...

Ensure that NGINX is run using a non-privileged, dedicated service account – groups: The nginx user directive designates which user account nginx worker processes run under. Ensuring a non-privileged, dedicated service account...

Ensure that NGINX is run using a non-privileged, dedicated service account – nginx.conf: The nginx user directive designates which user account nginx worker processes run under. Ensuring a non-privileged, dedicated service account...

Ensure that NGINX is run using a non-privileged, dedicated service account – sudo: The nginx user directive designates which user account nginx worker processes run under. Ensuring a non-privileged, dedicated service account...