for a long time i have replaced my nginx instances with openresty ( the open source version with Lua scripting ) and the CVEs seem to be less critical and solved faster:
Also not sure this works, always depending on the vuln your traffic still gets forwarded to the second, and even the application which can still be exploited so not sure defence by depth works here.
for a long time i have replaced my nginx instances with openresty ( the open source version with Lua scripting ) and the CVEs seem to be less critical and solved faster:
https://app.opencve.io/cve/?q=product%3Aopenresty+OR+vendor%...
https://app.opencve.io/cve/?q=product%3Anginx
Add 2 proxies sequentially, then they would both need to have CVE's in-order to get through!
If paranoid put on 2 different OS's - with one linux and other openbsd so 2 different OS's would also need to be compromised!
Also not sure this works, always depending on the vuln your traffic still gets forwarded to the second, and even the application which can still be exploited so not sure defence by depth works here.
Do you do this?