Nginx Application Security

By @Andrey Danau, Wallarm Research
If you are like many app developers, you may be using an nginx or Apache proxy or web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front end. Here lies a pitfall, due to the different treatment of the location path by the Java-based back end and the front end.…

By @aLLy, Wallarm Research
There was a very interesting vulnerability discovered in nginx, one of the most popular web/proxy/load balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information on the internal structure of an application and/or its IP address. Turns out this issue has been around for all of ten years and the vulnerability affects versions of nginx as early as 0.5.6…

Wallarm is proud to be a gold sponsor of NGINX 2017. nginx.conf is an annual conference for technical professionals who are passionate about delivering better application and web performance. The event takes place on September 6–8 at the Nines Luxury Hotel in Portland, OR. Join us at the conference, meet the Wallarm team and learn about implementing security for your NGINX deployments. Conference attendees will also get a chance to meet face-to-face and network with fellow…

Wallarm is a pioneer security vendor in the NGINX Certified Module program and provides trusted and verified security functionality to NGINX Plus customers. As long-time friends and technology partners of NGINX, Wallarm has worked hard collaborating with the NGINX team to make sure our solutions work well and perform at the speed of the load balancer. [See our earlier guide on securing web applications with Wallarm and NGINX.] With the new Certified Module program, customers…

In the beginning there was HTTP 1 or 2; web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, the HTTP protocol, with its short-lived client-initiated sessions, was not a good fit for this requirement. Before WebSockets, a typical solution was to simulate server-push with long polling. This involved…

Many of the developers we speak to are interested in taking advantage of Google Compute Cloud for developing and hosting their web applications. The advantages are many, from reasonable costs to built-in scalability to a high level of availability built right into the platform. However, the developers are faced with a question: if my application runs in dynamic instances within Compute Cloud and I only have limited control of the routing, how do I make…