One of you asked this.
I love the feedback! It gives me an idea of what to write.
Previously, I explained how to configure the Apache HTTP server with the HTTPOnly and Secure flags, and in this article, I’ll talk about doing the same thing on the Nginx web server.
Having the HTTPOnly and Secure flags in the Set-Cookie HTTP response header can help protect your web applications from cross-site scripting and session manipulation attacks.
There are multiple ways to get this configured.
- Within application code by developers
- Injecting headers from the network edge, for example F5
- Configuring at web servers
There are two possible ways to achieve this in the Nginx web server.
By using “add_header” directive
This is an easy way to set the HTTPOnly and Secure cookie flags in the Set-Cookie HTTP response header. Take a backup of the necessary configuration file and add the following in
add_header Set-Cookie "Path=/; HttpOnly; Secure";
Restart Nginx to verify the results
By using proxy_cookie_path
An alternative is to add the following syntax in ssl.conf or default.conf
proxy_cookie_path / "/; HTTPOnly; Secure";
Restart Nginx to see the results
If you are testing Intranet-based sites, you can use “Developer Tools” in Chrome to examine the response headers. For Internet-facing sites, you can use an online HTTP response header checker tool.
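When you check the results, look at each Set-Cookie header separately: add_header emits an additional Set-Cookie header rather than changing the ones the application sent, while proxy_cookie_path rewrites the Path attribute of cookies coming from a proxied backend. The following is an added example, not code from the original article; the function names and the sample header values are constructed for illustration. It parses Set-Cookie values the way a browser splits them and reports which cookies still lack the flags.

```python
# Added example: audit Set-Cookie response headers for HttpOnly/Secure.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attrs).

    The first name=value pair is the cookie itself; everything after the
    first ';' is an attribute, matched case-insensitively (RFC 6265).
    """
    first, *rest = value.split(";")
    name, _, val = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, attr_val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = attr_val
    return name, val, attrs


def audit(set_cookie_headers):
    """Return {cookie_name: [missing flags]} for every Set-Cookie header."""
    report = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        report[name] = [f for f in ("httponly", "secure") if f not in attrs]
    return report


# Constructed: an upstream session cookie plus the header emitted by
#   add_header Set-Cookie "Path=/; HttpOnly; Secure";
ADD_HEADER_RESPONSE = [
    "sessionid=abc123; Path=/",
    "Path=/; HttpOnly; Secure",  # parsed as a cookie named "Path"
]

# Constructed: the same upstream cookie (sent with Path=/) after
#   proxy_cookie_path / "/; HTTPOnly; Secure";
PROXY_COOKIE_PATH_RESPONSE = [
    "sessionid=abc123; Path=/; HTTPOnly; Secure",
]

if __name__ == "__main__":
    samples = {"add_header": ADD_HEADER_RESPONSE,
               "proxy_cookie_path": PROXY_COOKIE_PATH_RESPONSE}
    for label, headers in samples.items():
        for name, missing in audit(headers).items():
            status = "missing " + ", ".join(missing) if missing else "ok"
            print(f"{label}: cookie {name!r}: {status}")
```

In the first sample the session cookie is still reported as missing both flags, so confirm the flags on the application's own cookies, not just their presence somewhere in the response.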
I hope this helps to secure & harden the Nginx web server.