中文
NGINX Plus 一个经常被忽视的优势是它可以快速轻松地保护自己免受安全威胁。我们会主动通知 NGINX Plus 订阅者安全漏洞和补丁,在受到攻击期间提供帮助,支持 JWT 和 OIDC 身份验证等。
不信任任何人:信任用户输入的风险
A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.
借助 NGINX 缓解 HTTPoxy 漏洞
Use NGINX/NGINX Plus to prevent the HTTPoxy vulnerability, which attacks CGI and FastCGI-like application interfaces, from being exploited on your servers.
