How to disable Nginx default security rules

1

You can disable our Nginx security rules temporarily, or permanently : not recommended except for debug or incompatibility...

There are 2 levels: nginx profile, and those of the nginx global configuration

A. Those of the global configuration nginx

At bottom of your cPanel, click on following icon :

Nginx cPanel plugin

Choose your domain then click 'Configure' :

Nginx cPanel plugin

See section 'Security Settings', and line 'Security_headers'
Click 'Disabled' 

Click on big button on the left : 'Apply settings'

Détail : there is 4 securities behind button 'Security_headers' : X-Frame-Options, X-Content-Type-Options nosniff, X-XSS-Protection, HSTS

If not all securities are a problem, and that you want to be selective by enabling only a few, keep disabled Add a file named nginx.conf in /public_html for main domain and/or in the folder of website concerned (see path folder of website 'document_root' in section Domains of your cPanel).

To activate only X-Frame-Options, put in nginx.conf :

add_header X-Frame-Options "SAMEORIGIN";

To activate only X-Content-Type-Options nosniff, put in nginx.conf :

add_header X-Content-Type-Options nosniff;

To activate only X-XSS-Protection, put in nginx.conf :

add_header X-XSS-Protection "1; mode=block";

To activate only HSTS, put in nginx.conf :

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

If you want to activate 2 or 3 just cumulate entries said above

Finally, go to line 'nginx.conf' in section 'Application status'. See next line 'nginx.conf reload', hit the reload button (wait 10-30 seconds so that new settings to be in effect), you will see status 'Valid' after few seconds if all ok.

 

If "BOT mitigate" was activated, deactivate it in case of persisting issues

 

B. Change your Nginx profile, through the cPanel section : 'Nginx', click 'Nginx-Manager' :

Nginx cPanel plugin

Choose your domain then click 'Configure'
See line 'PROXY' (default config) or go on with PHP if you were using PHP-FPM and click: 'Select'
Choose in 'Template' : 'YOORshop without sec', and click: 'Update'

To cancel, same procedure, and choose: 'YOORshop default'

Browse the best online HTML tools: editor, tags, cheat sheet, character codes, tag generators, website templates and more.

Also Read

How to fight against junk bot traffic

We have put a protection server wide with a list of not desired bots. Indeed we remarked that...

Unsufficient disk space

In order to satisfy existing customers who evolve using a lot of disk space (superior to 80GB)...

Real-time Ddos attacks in the world

https://www.digitalattackmap.com   https://threatmap.checkpoint.com

Optimal technique for DNS update

The DNS to be inserted for your hosting service are mentioned in the email of access that...

Files and folders permissions with linux

In general the permissions of the files must be 755 and the files to 644. This is a...