Welcome! Log In Create A New Profile

Advanced

Help with securing "route" cookie

All files from this thread

File Name File Size   Posted by Date  
Snap156.gif 16 KB open | download Gerard Mattison 11/19/2016 Read message
Gerard Mattison
November 19, 2016 04:10PM
Hello all,

I am using nginx with nginx-sticky-module-ng for distributing the load
among servers per specific user session for my java application.

One of the issue I having is that when I ran a vulnerability assessment,
the "route" cookie is coming up as not secure.

Attached image shows the issue.

I appreciate any can help me on how to make the route cookie secure.

Thanks in advance.

Best Regards,

Gerard


*nginx configuration*

upstream jetty {
sticky secure;
server 10.1.10.1:8080 fail_timeout=3s;
server 10.1.10.2:8080 fail_timeout=3s;
server 10.1.10.3:8080 fail_timeout=3s;

}

server {
listen 80;
server_name webapp.contoso.com;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name webapp.contoso.com;

access_log /var/log/nginx/webapp.contoso.com-access.log;
error_log /var/log/nginx/webapp.contoso.com-error.log;

ssl on;
ssl_certificate /etc/nginx/ssl/chain.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;

location / {
proxy_pass http://jetty/;

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

proxy_connect_timeout 90;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_buffer_size 128k;
proxy_buffers 100 256k;
proxy_busy_buffers_size 256k;
proxy_intercept_errors on;
}

include deny_dots.conf;
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Attachments:
open | download - Snap156.gif (16 KB)
Subject Author Posted

Help with securing "route" cookie Attachments

Gerard Mattison November 19, 2016 04:10PM

Re: Help with securing "route" cookie

Francis Daly November 21, 2016 09:36AM

Re: Help with securing "route" cookie

hheiko November 21, 2016 05:27PM

Re: Help with securing "route" cookie

itpp2012 November 22, 2016 10:46AM

Re: Help with securing "route" cookie

Francis Daly November 21, 2016 07:00PM

Re: Help with securing "route" cookie

itpp2012 November 22, 2016 01:45PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 194
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready