Nginx Vulnerabilities
2 points
4 hours ago
| 2 comments
| HN
I am interested in starting a thread about NGINX usage. I know NGINX is an ingress/proxy/loadbalancer so it is VERY typical for it to be on the internet. Are people concerned about the security of it given the recent CVEs in it? And if so in a corporate environment?
slipwalker
4 hours ago
[-]
for a long time i have replaced my nginx instances with openresty ( the open source version with Lua scripting ) and the CVEs seem to be less critical and solved faster:

https://app.opencve.io/cve/?q=product%3Aopenresty+OR+vendor%...

https://app.opencve.io/cve/?q=product%3Anginx

reply
khurs
3 hours ago
[-]
Add 2 proxies sequentially, then they would both need to have CVE's in-order to get through!

If paranoid put on 2 different OS's - with one linux and other openbsd so 2 different OS's would also need to be compromised!

reply
finbot
2 hours ago
[-]
Also not sure this works, always depending on the vuln your traffic still gets forwarded to the second, and even the application which can still be exploited so not sure defence by depth works here.
reply
finbot
2 hours ago
[-]
Do you do this?
reply