How to protect an nginx + express.js site from offline browsers, malicious bots and other evil spirits?

Q

qo_0p2015-06-13 10:24:45

Nginx

qo_0p, 2015-06-13 10:24:45

Just a warning, newbie question.
It can be divided into 2 parts:
1. How to properly set up a proxy server on nginx to cut off offline browsers, bots, and everything that can load the server in vain?
2. How to protect the business logic of the project from "theft" using "regular" methods of node.js, express.js?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

T

Timur Shemsedinov, 2015-06-13
@MarcusAurelius

1. You can limit the intensity of requests from one IP to nginx, for example, using such a module nginx.org/ru/docs/http/ngx_http_limit_req_module.html or add a hardware or software firewall / firewall.
2. No one will take the source codes of the server if you do not write obvious holes through which they can be taken, and the client code will be taken away, but it can be slightly spoiled by obfuscation habrahabr.ru/post/112530 and minification https:// www.npmjs.com/package/uglify-js

Z

zysyl, 2015-06-18
@zysyl

there are different ways. But one way or another, this cannot be done just like that on the classic nginx. We need custom assemblies like habrahabr.ru/post/260159 . If you have experience in lua, then you can write waf to the standard nginx-extras

I

Ivan, 2015-06-13
@LiguidCool

1) None.
2) Lock clients in a directory if you have local file uploads.