uNGINXed: Detecting NGINX Misconfigurations
NGINX is widely used by businesses worldwide due to its high performance, efficiency, community support and load balancing. With the flexibility and ease of deployment of NGINX, ensuring the NGINX instance is safely configured is of utmost importance. This paper introduces a unique tool uNGINXed designed to bring the concept of shift-left testing for NGINX configurations. The uNGINXed tool would help detect potential misconfigurations in NGINX configuration files and flag them out as the system administrator is writing them. The uNGINXed architecture comprises of uNGINXed Engine, uNGINXed Signature Building utilities, and uNGINXed VSCode Extension. The uNGINXed engine is the brain of the uNGINXed, responsible for scanning NGINX configuration files for misconfigurations. uNGINXed has some features that are not presented on any of the tools currently. The first feature is that the developed VSCode extension in uNGINXed provides additional links and suggestions to the administrator straight from the IDE. Another key feature of uNGINXed is its ability to be easily integrated into existing build pipelines (CI/CD) to prevent vulnerable NGINX instances from going live, prompting system administrators and developers to fix the misconfigurations before deployment. The comparison results in our test show that our uNGINXed can achieve much higher misconfiguration detection rate than the existing tools.
History
Journal/Conference/Book title
The 6th International Conference on Applied Computational Intelligence in Information Systems (ACIIS 2023)Publication date
2023-12-23Version
- Post-print