Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
Zamorozka2011-11-30 12:30:05
Java
Zamorozka, 2011-11-30 12:30:05

What is the best way to secure a web server - Apache or Nginx?

Let's say there is a java webapp on the Tomcat server.
I want to set up DoS protection, a filter for valid http requests, limits on connections from one IP, and other methods of protection.

What would you recommend in this case - Apache or Nginx?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

7 answer(s)
Report
H
homm, 2011-11-30
@homm

Using Apache as a protection against high loads is like allocating money to fight corruption.

Report
V
Vitaly Peretyatko, 2011-11-30
@viperet

Nginx unequivocally

Report
I
iandriyanov, 2011-11-30
@iandriyanov

Install Apache and Jinx Front.
run nGinx under:
http {
# even regular slow clients are usually expensive
reset_timedout_connection on;
client_header_timeout 15;
client_body_timeout 15;
send_timeout 5;
keepalive_timeout 30 15;
# introduce two restricted zones.
# On open connections and on request rate
limit_req_zone $binary_remote_addr zone=qglob:16m rate=3r/s;
limit_zone cglob $binary_remote_addr 16m;
server {
listen 80;
server_name www.myhost.ru;
proxy_set_header Host $host;
# needed for proxy_store to work
proxy_buffering on;
# limit the maximum number of connections from one ip
# to 4 clients from one ip via rfc2616
limit_conn cglob 32;
# Quickly catch "GET / ".
# Add a convenient file name.
location = / {
rewrite ^/$ /index.html last;
}
#Post-rate to serve static index.html or load from backend.
location = /index.html {
internal;
limit_req zone=qglob burst=9 nodelay;
open_file_cache_errors off;
root /tmp/nginx/cache/;
error_page 404 = /cached$uri;
}
location /cached/ {
internal;
alias /tmp/nginx/cache/;
proxy_pass phpfarm;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /tmp/nginx/tmp/;
}
#Brutally clamped on two requests per second search.
location = /advanced_search_result.php {
limit_req zone=qulag burst=2;
proxy_pass phpfarm;
}
# And everything else.
location / {
proxy_pass phpfarm;
}
}
}
You can also smoke in the direction of sysctl and pf (ipfw)

Report
Y
yitzhakv, 2011-11-30
@yitzhakv

Other protection methods include hiding the version of nginx and PHP.
server_tokens off;in nginx.conf
expose_php = Offin php.ini

Report
I
iandriyanov, 2011-11-30
@iandriyanov

And what OS?

Report
S
Sergey, 2011-11-30
@bondbig

If I understand correctly, the author means the Apache WAF - mod_security. Protecting them from DDoS will not work, this is a slightly different thing, but you can easily make a filter for valid http requests. Nginx will save you from light pioneer DDoS, simply because of its architecture, but it is not able to carry out any checks for the validity or harmfulness of requests .

Report
V
Vladislav Klimanov, 2011-11-30
@ahmpro

nginx + lua-nginx-module, a month ago there was an article on this topic on Habré: habrahabr.ru/blogs/nginx/130861/

Similar questions
E
e1s2015-05-26 11:24:41
How to get rid of ban (number of questions) on stackoverflow.com? 2Reply
I
Igor2013-11-22 11:42:33
Eckel, Schildt or Horstmann? 4Reply
D
Dred Wolf2020-07-12 22:20:58
What is the difference between Oracle JDK and OpenJDK? 4Reply
S
Serious_Sem2013-11-22 20:39:48
messaging patterns? 2Reply
S
Snabdinsky2013-11-24 18:27:36
Thinking In Java/Java Philosophy. 3rd Edition 2006 - Worth reading for a beginner? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question