Ensure access logs are sent to a remote syslog server
Details Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and...
- Home
- Security Hardening
- CIS Nginx Benchmark V1.0.0 L2 Loadbalancer
CIS Nginx Benchmark V1.0.0 L2 Loadbalancer
Ensure allow and deny filters limit access to specific IP addresses
Details IP-based restrictions act as a defense in depth mechanism. They allow you to whitelist legitimate paths to your applications...Ensure error logs are sent to a remote syslog server
Details Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and...Ensure HTTP Public Key Pinning is enabled
Details HTTP Public Key Pinning, also known as certificate pinning, allows a site to specify exactly which certificates the browser...Ensure HTTP WebDAV module is not installed
Details The http_dav_module enables HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) as defined by RFC 4918. This enables...Ensure modules with gzip functionality are disabled
Details gzip is used for compression. Compression functionality should be disabled to prevent certain types of attacks from being performed...Ensure NGINX is installed from source
Details Installing NGINX directly from source allows you to install NGINX without the use of a package manager. Rationale: Installing...Ensure only required modules are installed
Details This NGINX installation comes with several modules out of the box. These modules are not all always needed. Installations...Ensure rate limits by IP address are set
Details Rate limiting should be enabled to limit the number of requests an IP address may make to a server...Ensure session resumption is disabled to enable perfect forward security
Details Session resumption for HTTPS sessions should be disabled so perfect forward secrecy can be achieved. Rationale: Perfect forward secrecy...