SSL-Offloader - Nginx Community

SSL-Offloader - Nginx Community: "### http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html   # Avoid a smurf attack net.ipv4.icmp_echo_ignore_broadcasts = 1   # Turn on protection for bad icmp error messages net.ipv4.icmp_ignore_bogus_error_responses = 1   # Turn on syncookies for SYN flood attack protection net.ipv4.tcp_syncookies = 1   # Turn on and log spoofed, source routed, and redirect packets #net.ipv4.conf.all.log_martians = 1 #net.ipv4.conf.default.log_martians = 1   # No source routed packets here net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0   # Turn on reverse path filtering net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1   # Make sure no one can alter the routing tables net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0   # Don't act as a router net.ipv4.ip_forward = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0   # Turn on execshild kernel.exec-shield = 1 kernel.randomize_va_space = 1   # Tuen IPv6 net.ipv6.conf.default.router_solicitations = 0 net.ipv6.conf.default.accept_ra_rtr_pref = 0 net.ipv6.conf.default.accept_ra_pinfo = 0 net.ipv6.conf.default.accept_ra_defrtr = 0 net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.default.dad_transmits = 0 net.ipv6.conf.default.max_addresses = 1   # Optimization for port usefor LBs # Increase system file descriptor limit fs.file-max = 65535   # Allow for more PIDs (to reduce rollover problems) # !!! may break some programs 32768 #kernel.pid_max = 65536   # Increase system IP port limits net.ipv4.ip_local_port_range = 2000 65000   # Increase TCP max buffer size setable using setsockopt() net.ipv4.tcp_rmem = 4096 87380 8388608 net.ipv4.tcp_wmem = 4096 87380 8388608   # Increase Linux auto tuning TCP buffer limits # min, default, and max number of bytes to use # set max to at least 4MB, or higher if you use very high BDP paths # Tcp Windows etc net.core.rmem_max = 8388608 net.core.wmem_max = 8388608 net.core.netdev_max_backlog = 5000 net.ipv4.tcp_window_scaling = 1"

'via Blog this'