All files from this thread

File Name	File Size		Posted by	Date
Snap156.gif	16 KB	open | download	Gerard Mattison	11/19/2016	Read message

Hello all,

I am using nginx with nginx-sticky-module-ng for distributing the load
among servers per specific user session for my java application.

One of the issue I having is that when I ran a vulnerability assessment,
the "route" cookie is coming up as not secure.

Attached image shows the issue.

I appreciate any can help me on how to make the route cookie secure.

Thanks in advance.

Best Regards,

Gerard


*nginx configuration*

upstream jetty {
sticky secure;
server 10.1.10.1:8080 fail_timeout=3s;
server 10.1.10.2:8080 fail_timeout=3s;
server 10.1.10.3:8080 fail_timeout=3s;

}

server {
listen 80;
server_name webapp.contoso.com;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name webapp.contoso.com;

access_log /var/log/nginx/webapp.contoso.com-access.log;
error_log /var/log/nginx/webapp.contoso.com-error.log;

ssl on;
ssl_certificate /etc/nginx/ssl/chain.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;

location / {
proxy_pass http://jetty/;

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;

proxy_connect_timeout 90;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_buffer_size 128k;
proxy_buffers 100 256k;
proxy_busy_buffers_size 256k;
proxy_intercept_errors on;
}

include deny_dots.conf;
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx