2.0 Advanced Recipes for Security - Foreword

Almost every day, you read headlines about another company being hit with a distributed denial-of-service (DDoS) attack, or yet another data breach or site hack. The unfortunate truth is that everyone is a target.

One common thread amongst recent attacks is that the attackers are using the same bag of tricks they have been exploiting for years: SQL injection, password guessing, phishing, malware attached to emails, and so on. As such, there are some common-sense measures you can take to protect yourself. By now, these best practices should be old hat and ingrained into everything we do, but the path is not always clear, and the tools we have available to us as application owners and administrators don’t always make adhering to these best practices easy.

To address this, the NGINX Cookbook Part 2 shows how to protect your apps using the open source NGINX software and our enterprise-grade product: NGINX Plus. This set of easy-to-follow recipes shows you how to mitigate DDoS attacks with request/connection limits, restrict access using JWT tokens, and protect application logic using the ModSecurity web application firewall (WAF).

We hope you enjoy this second part of the NGINX Cookbook, and that it helps you keep your apps and data safe from attack.

                                                        — Faisal Memon

                                                    Product Marketer, NGINX, Inc.

This is the second of three installments of NGINX Cookbook. This book is about NGINX the web server, reverse proxy, load balancer, and HTTP cache. This installment will focus on security aspects and features of NGINX and NGINX Plus, the licensed version of the NGINX server. Throughout this installment you will learn the basics of controlling access and limiting abuse and misuse of your web assets and applications. Security concepts such as encryption of your web traffic and basic HTTP authentication will be explained as applicable to the NGINX server. More advanced topics are covered as well, such as setting up NGINX to verify authentication via third-party systems as well as through JSON Web Token Signature validation and integrating with single sign-on providers. This installment covers some amazing features of NGINX and NGINX Plus, such as securing links for time-limited access and security, as well as enabling web application firewall capabilities of NGINX Plus with the ModSecurity module. Some of the plug-and-play modules in this installment are only available through the paid NGINX Plus subscription. However, this does not mean that the core open source NGINX server is not capable of these security features.
