How to limit file upload size on NGINX to mitigate DoS attacks


If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.

Image: Jack Wallen

Out of the box, NGINX sets a limit of 1MB for file uploads. For some platforms, that might be far too low, especially for sites that allow users to upload items like images and video. However, if you open the floodgates too wide, you run the risk of ne’er-do-wells hitting you with Denial-of-Service (DoS) attacks. You certainly don’t want that.

But what can you do when you need to allow users to upload more than a single MB to your NGINX site? You control it with the client_max_body_size directive. Let me show you how.

What you’ll need

In order to make this work, you’ll need NGINX installed and configured to run your website. You’ll also need a user with sudo privileges. I’ll be demonstrating on Ubuntu Server 18.04, but this process should work on any platform that supports NGINX. With those at the ready, let’s configure.


How to configure nginx.conf

The first thing we’re going to do is change the upload limit to 100MB in the nginx.conf file. Open the file with the command:

sudo nano /etc/nginx/nginx.conf

Look for the http section and add the following line (Figure A):

client_max_body_size 100M;

Save and close the file.

Figure A: Adding the configuration to the NGINX config file.

Next, open the config file for your website. If you’re using the default, you would open that file with the command:

sudo nano /etc/nginx/sites-available/default

In that file, look for the server section and add the same line as you did in the nginx.conf file (Figure B).

Figure B: Adding the configuration line in the server section of your site config file.

In that same file, locate the location section you’ve configured for site uploads and add the same line (Figure C).

Figure C: Adding the configuration line in the locations directive.

Of course, your uploads directive will probably be a bit more complex than the basic one I’ve illustrated, but you get the point.

Save and close the file.

Run the NGINX configuration test with the command:

sudo nginx -t

You shouldn’t see any errors. Restart NGINX with the command:

sudo systemctl restart nginx

At this point, if anyone attempts to upload a file larger than 100 MB, they’ll receive a 413 error (Request Entity Too Large). Your NGINX server is now a tiny bit safer from DoS attacks, while still allowing your users to upload files. No, this isn’t a be-all-end-all preventive measure for DoS attacks, but these days anything you can do to stave off the ne’er-do-wells is a step in the right direction.
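
As an added example (not part of the original article), this Python sketch shows how the three placements above interact: a block inherits client_max_body_size from its parent unless it sets its own, so the 100M in the http section applies to every location that does not override it. The sample config, its location names and the policy cap are constructed assumptions; include files and quoted strings are not handled.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
NGINX_DEFAULT = 1024**2  # client_max_body_size defaults to 1m
# Constructed sample (not from the article): its 100M at http level, hypothetical locations.
SAMPLE = """
http {
    client_max_body_size 100M;
    server {
        location /uploads { client_max_body_size 100M; }
        location /api     { client_max_body_size 1m; }
        location /legacy  { client_max_body_size 0; }  # 0 disables the check
        location /        { }
    }
}
"""

def parse_size(text):
    """Convert an nginx size such as '100M' to bytes (0 means no limit)."""
    num, unit = re.fullmatch(r"(\d+)([kmg]?)", text.lower()).groups()
    return int(num) * UNITS[unit]

def parse_blocks(conf):
    """Build a tree of blocks, noting each block's own limit if it sets one."""
    stack = [{"name": "main", "own": None, "children": []}]
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for text, delim in re.findall(r"([^{};]*)([{};])", conf):
        words = text.split()
        if delim == "{":
            node = {"name": " ".join(words), "own": None, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif delim == "}":
            stack.pop()
        elif words and words[0] == "client_max_body_size":
            stack[-1]["own"] = parse_size(words[1])
    return stack[0]

def effective_limits(node, inherited=NGINX_DEFAULT, path=""):
    """Return [(block path, limit)]; a block inherits unless it overrides."""
    limit = inherited if node["own"] is None else node["own"]
    here = f"{path} > {node['name']}" if path else node["name"]
    out = [(here, limit)]
    for child in node["children"]:
        out += effective_limits(child, limit, here)
    return out

def over_policy(conf, cap):
    """Paths whose effective limit is unlimited (0) or above cap bytes."""
    return [p for p, v in effective_limits(parse_blocks(conf)) if v == 0 or v > cap]
```

Calling over_policy(SAMPLE, parse_size("10M")) lists every block that would accept a body larger than 10 MB, including the catch-all location that only inherits the http-level value.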


Did you like this article? You can read it and many others @ Tech Republic!
