Enforce Strong Authentication

March 27, 2025, 10:50 am / ggsu20003.onesmablog.com

Part 1: 무료스포츠중계사이트

✅ Option 1: Basic HTTP Auth (Quick & Simple)

Add a .htpasswd file with a hashed user:password combo.

Step-by-step:

  1. Generate a password:


 

bash

복사편집

sudo apt install apache2-utils htpasswd -c /etc/nginx/.htpasswd your_username

  1. Add this to your NGINX block:


 

nginx

복사편집

location / { auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://localhost:5050/; # Your app ... }

???? Pros: Simple, lightweight
???? Cons: No copyright, vulnerable if you don’t use HTTPS

✅ Option 2: OAuth2 Proxy (Most Secure)

Use oauth2-proxy with Google, GitHub, or another identity provider. This enables SSO + copyright + session tokens.

  • Deploy with Docker or systemd

  • Protect apps like:

    • sonarr.yourdomain.com

    • radarr.yourdomain.com

Example:


 

nginx

복사편집

location / { proxy_pass http://localhost:4180; # oauth2 proxy proxy_set_header X-Auth-Request-User $remote_user; }

???? Best for shared apps, teams, or remote access

???? Part 2: Add Rate-Limiting to Block Abuse

✅ Basic Request Throttling

NGINX allows IP-based rate limits using limit_req_zone.

Step-by-step:

  1. Define the zone (top of your config):


 

nginx

복사편집

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;

  1. Apply to a location block:


 

nginx

복사편집

location / { limit_req zone=mylimit burst=10 nodelay; proxy_pass http://localhost:5050; ... }

This allows 무료스포츠중계 5 requests per second, with a burst of 10, before slowing or rejecting clients.

✅ Ban Bots or Suspicious Traffic with Fail2Ban

Install Fail2Ban and create a jail for NGINX:

  • Monitors logs for repeated 403s or 401s

  • Automatically blocks brute force attempts

Sample jail config:


 

ini

복사편집

[nginx-auth] enabled = true filter = nginx-auth action = iptables[name=HTTP, port=http, protocol=tcp] logpath = /var/log/nginx/error.log maxretry = 5

???? Bonus: 무료스포츠중계 Harden Your SSL

If you’re exposing anything on the internet:

  • Use Let's Encrypt SSL certs with auto-renew

  • Set strong protocols in NGINX:


 

nginx

복사편집

ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'HIGH:!aNULL:!MD5';

  • Enable HTTP Strict Transport Security (HSTS)

???? Security Layer Recap:

Feature Tool/Method Level
Password Auth .htpasswd Basic
OAuth + copyright oauth2-proxy Advanced
Rate Limiting limit_req_zone Medium
Auto-Ban Brute Force Fail2Ban High
SSL / HTTPS Let's Encrypt + HSTS Essential
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Comments on “Enforce Strong Authentication”

Leave a Reply

Gravatar