Mission 96

Web hardening

Inspect training nginx API blocking and CSP headers.

Security administration
8 minutes Admin Lesson 96 of 360
grepnginx
Lesson 96 of 360 0/360 lessons 0/17 missions Security administration · 8 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 8 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Check API rule

Run grep /api/ /etc/nginx/sites-available/learn.conf.

grep /api/ /etc/nginx/sites-available/learn.conf
Check CSP

Run grep Content-Security-Policy /etc/nginx/sites-available/learn.conf.

grep Content-Security-Policy /etc/nginx/sites-available/learn.conf
Test nginx

Run nginx -t.

nginx -t
Lesson support

What to notice while you play.

Objective

Find API and CSP lines in training nginx config.

Hint

Search /api/ and Content-Security-Policy.

Why it matters

Headers and route denies reduce browser and server risk.

Common mistakes
  • Assuming static sites need APIs.
  • Forgetting to test config syntax.
Reference

Commands in this lesson.

grep [-i] <text> <file>

Find literal text inside a file.

nginx -t

Validate training nginx configuration.