The present invention discloses an engine x (Nginx) based method and device for security protection. The method includes: acquiring log data of a Nginx server; acquiring request related information of a client-side in the log data; and if the request related information of the client-side satisfies a predefined prohibition rule, issuing a prohibit instruction to the Nginx server to indicate the Nginx server to prohibit client-side request permission. Without invading the nginx server, the method and device avoid affecting the Nginx server and reduce the development and maintenance costs.