Out of the box, NGINX sets a limit of 1 MB for file uploads. For some platforms, this can be significantly too low, especially for sites that allow users to upload items like photos and videos. However, if you open the floodgates too much, you expose the server to denial of service (DoS) attacks. You don't want that.
But what can you do when you have to allow users to upload more than 1 MB to your NGINX site? You can do this with the client_max_body_size directive. Let me show you how.
For this, you need NGINX installed and configured to serve your website. You'll also need a user with sudo privileges. I will demonstrate on Ubuntu Server 18.04, but this procedure should work on any platform that supports NGINX. With those ready, let's set it up.
The first thing we'll do is set the upload limit to 100 MB in the nginx.conf file. Open the file with the command:
Locate the http section and add the following line (Figure A):
Save and close the file.
Figure A
Configuration added to the NGINX configuration file.
Then open your website's configuration file. If you use the default, you open this file with the command:
In this file, locate the server section and add the same line that you added to the nginx.conf file (Figure B).
Figure B
The configuration line added to the server section of your configuration file.
In that same file, locate the location section that you configured for uploads and add the same line (Figure C).
Figure C
The configuration line added to the location directive.
Of course, your location directive will be a little more complex than the basic one I illustrated, but you get the idea.
Save and close the file.
Test the NGINX configuration with the command:
You should see no errors. Restart NGINX with the command:
At this point, if someone tries to upload a file larger than 100 MB, they will get a 413 error (Request Entity Too Large). Your NGINX server is now a little more secure against DoS attacks, while still allowing users to upload files. No, it is not an absolute preventive measure against DoS attacks, but every step you take to limit their impact is a step in the right direction.
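The three placements described above, shown together as an added example (not a reproduction of the article's figures). The file paths are the usual Ubuntu defaults and are assumed here; the server name, the /upload path and the backend address are placeholders.

```nginx
# --- /etc/nginx/nginx.conf (assumed default path) ---
http {
    # Global ceiling for client request bodies. Without this line NGINX
    # falls back to its built-in default of 1m.
    client_max_body_size 100M;

    include /etc/nginx/sites-enabled/*;
}

# --- /etc/nginx/sites-available/default (assumed default site file) ---
server {
    listen 80;
    server_name example.com;            # placeholder host name

    # Same limit at server level, as in the walkthrough.
    client_max_body_size 100M;

    # Hypothetical upload endpoint; substitute your own location block.
    location /upload {
        # The innermost setting is the one that applies to a request,
        # so this is the value that governs uploads to this path.
        # Bodies above it are rejected with 413 Request Entity Too Large.
        client_max_body_size 100M;

        proxy_pass http://127.0.0.1:8080;   # placeholder backend
    }
}

# Caveat: "client_max_body_size 0;" disables the size check entirely,
# which removes the protection this limit is meant to provide.
```

Because the most specific context wins, the http and server values can be kept lower than the upload location's value if only that one path needs to accept large files.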
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He is an avid promoter of open source and the voice of The Android Expert. To learn more about Jack Wallen, visit his website jackwallen.com.