Common NGINX misconfigurations that leave web servers vulnerable to attack
- NGINX is a popular web server powering one-third of all websites
- Detectify's Security Research team analyzed almost 50,000 unique NGINX configuration files and discovered common misconfigurations
- Missing root directive can lead to sensitive files being accessed
- Off by slash vulnerability can allow access to sensitive files
- Remediation involves using specific paths and ensuring they do not contain sensitive files