Security researchers at Detectify have recently discovered a series of middleware misconfigurations in Nginx that could leave web applications vulnerable to attack.
Modular, lightweight, open-source, and with a user-friendly configuration format, Nginx is one of the most popular web servers, powering one in three websites globally. But Detectify, which maintains an automated web application scanner, says this level of flexibility makes it easy to make errors that could leave a site open to attack.
In 2020, the Detectify team analyzed around 50,000 unique Nginx configuration files, downloaded from GitHub with Google BigQuery, to find the number of possible misconfigurations that could leave web applications open to attack. The issues included unsafe variable use, root location, raw backend response reading, and merge_slashes set to off.
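As an added illustration (not Detectify's scanner or code from the original article), a small linter can flag three of the issue classes named above in a configuration file. The rules are assumptions made for this example: "root location" is read as a server-level root directive with no `location /` block, and "unsafe variable use" as `$uri` or `$document_uri` inside `return`, `rewrite` or `proxy_pass`.

```python
import re

# Constructed sample configuration (not taken from the Detectify data set).
SAMPLE = """\
server {
    root /etc/nginx;
    merge_slashes off;
    location /hello.txt {
        try_files $uri $uri/ =404;
    }
    location /old {
        return 302 https://example.com$uri;
    }
}
"""

def server_blocks(conf):  # yields the body of each server { ... } block
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level(body):  # text directly inside the block, nested blocks removed
    out, depth = [], 0
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth == 0 and ch != "}":
            out.append(ch)
    return "".join(out)

def lint(conf):
    """Heuristic checks (assumed rules) for three of the issue classes named above."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; ignores '#' inside quotes
    findings = []
    if re.search(r"\bmerge_slashes\s+off\s*;", conf):
        findings.append("merge_slashes off")
    for n, body in enumerate(server_blocks(conf), 1):
        has_root = re.search(r"\broot\s+[^;]+;", top_level(body))
        if has_root and not re.search(r"\blocation\s+/\s*\{", body):
            findings.append(f"server {n}: root set without a 'location /' block")
    # $uri and $document_uri hold the decoded request path; $request_uri does not.
    for m in re.finditer(r"\b(return|rewrite|proxy_pass)\s+[^;]*\$(?:document_)?uri\b[^;]*;", conf):
        findings.append(f"{m.group(1)} uses $uri or $document_uri")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Raw backend response reading is not covered, since it depends on how the proxied backend behaves rather than on a single directive.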
To Read More: Portswigger