I have a custom site where valid users will always login and have a valid session (and a cookie or headers to represent it). I would like to do the following, but not sure how to start...can someone just point me in the right direction? IF user has a valid session (I need to check if the header/cookie is in the http request), and a 404 is appropriate, re-direct to a specific location (or a &by aweber - Nginx Mailing List - English
I noticed that, but it appears to require a page / uri. I think the special 444 should not return content, if I am reading its design correctly. -Aaron Maxim Dounin <mdounin@mdounin.ru> wrote: >Hello! > >On Thu, Oct 11, 2012 at 11:35:16AM -0400, AJ Weber wrote: > >> I didn't double-check yet, but it looks like if I set this up, and >> the client does not have a cby aweber - Nginx Mailing List - English
I didn't double-check yet, but it looks like if I set this up, and the client does not have a client-side certificate, nginx is returning either a 400 (or more likely a 403)? Is there any way I can be entirely "rude" and re-map the return code if you do not have a client certificate to 444? Thanks again, AJ On 10/10/2012 6:51 PM, Maxim Dounin wrote: > Hello! > > On Wed, Oby aweber - Nginx Mailing List - English
So far, I am loving nginx. :) Thanks! On 10/10/2012 6:51 PM, Maxim Dounin wrote: > Hello! > > On Wed, Oct 10, 2012 at 05:16:12PM -0400, AJ Weber wrote: > >> I think I might have found my answer to this. >> >> I can generate my own (or use any different) CA and add that in >> ssl_client_certificate<path>; >> And then set ssl_verify_client on; >&gby aweber - Nginx Mailing List - English
I think I might have found my answer to this. I can generate my own (or use any different) CA and add that in ssl_client_certificate <path>; And then set ssl_verify_client on; This appears to work in initial testing. So my follow-up is: 1) Does this sound like the way to make my original question work? 2) Can I revoke certificates, and will nginx check a revocation list of some kind? Tby aweber - Nginx Mailing List - English
Can I install and configure nginx to use a "public"/global CA's SSL Certificate like Verisign, AND force (require) the use of client SSL certificates, AND allow those client/browser-certificates to be from a different CA/root? For example, openca or some self-signed setup that I use to just distribute client certificates to my registered users? Let me know if I am not asking the quby aweber - Nginx Mailing List - English
This worked exactly as Igor described. Thank you! -AJ On 10/5/2012 6:08 AM, Igor Sysoev wrote: > On Thu, Oct 04, 2012 at 02:20:30PM -0400, AJ Weber wrote: >> I would like to "override" the intent of the app server that is >> basically disabling any caching of the backend file. For example, they >> are embedding a "noCache=#######" parameter at the end ofby aweber - Nginx Mailing List - English
I will be setting up a "server" for webdav access. Basically for SSL session caching only, not much else but that and proxy back to the actual app server. Do I need the webdav and the ngx-dav-ext-module to support all the WEBDAV http methods just to pass-thru? Or are those modules just needed if I want to filter and/or parse the http traffic? Thanks, AJ _________________________by aweber - Nginx Mailing List - English
My reservation is whether I need to compile it, and how. Can nginx use shared libraries or do I have to recompile that from source too? I think I would like to try it if someone can tell me the necessary steps (or goes ahead and builds it for centos 6). -Aaron Alan Silva <alansilva@acm.org> wrote: >Hi, > >I recommend you to try use of modsecurity for NGINX, with some >adapby aweber - Nginx Mailing List - English
I would like to "override" the intent of the app server that is basically disabling any caching of the backend file. For example, they are embedding a "noCache=#######" parameter at the end of the URL (there are other parameters following, but if I can check the url up-to the "?" that would suit me fine). This is actually a dynamically generated SWF file, but thby aweber - Nginx Mailing List - English
So this probably will work if I have the access_log AND include a copy of the proxy_pass directives in the nested location. The proxy_set_header, proxy_cache..., etc. would all be inherited automatically in the nested location, so I can leave those in the parent? On 9/26/2012 11:44 AM, Maxim Dounin wrote: > Hello! > > On Tue, Sep 25, 2012 at 10:05:44PM -0400, AJ Weber wrote: > &gby aweber - Nginx Mailing List - English
OK, I am positive this is easy for you experienced nginx users! I have a backend app server setup and am using nginx for caching/proxy/ssl-termination. I would like to use the "default" server (listening on 443) to redirect the url https://host/monit to the server's monit-mini-http server (and continue to use it for ssl termination). so I need to direct the backend to http://localby aweber - Nginx Mailing List - English
I am interested in using a nesting of some sort so that I don't have to duplicate all the proxy- and other directives for one "special case". Basically, I'd like a very small subset of my webapp to also write to a separate access-log. When a user hits that particular page, I would like to log it, AND also perform all the directives for the rest of the site that are already configurby aweber - Nginx Mailing List - English
I _think_ I got this working (I will continue testing) by adding: proxy_pass_header Authorization; to the location. Might have done the trick. Thank you for the response. -AJ On 9/25/2012 5:35 PM, Francis Daly wrote: > On Tue, Sep 25, 2012 at 03:01:15PM -0400, AJ Weber wrote: > > Hi there, > >> I'm having trouble setting up nginx in front of tomcat to handle ssl and >by aweber - Nginx Mailing List - English
I'm having trouble setting up nginx in front of tomcat to handle ssl and reverse proxy/caching. Basically the webapp behind nginx uses http authentication (browser prompts, not a webpage login), and I think what's happening is that handshake/traffic is not getting back and forth for the initial connection. The authentication is performed against a custom implementation, so I can't just remoby aweber - Nginx Mailing List - English
The tarball on their frontpage (modsecurity.org) apparently has it included now. From what I read it was originally in a separate sub-project or something. I'm all for hearing from naxi users too! Functionally, it appears that ModSecurity has many more options, but it's in RC, versus naxi that has been available for a while. On 9/13/2012 11:38 AM, Rainer Duffner wrote: > Am Thu, 13 Sepby aweber - Nginx Mailing List - English
Would like to integrate WAF functionality/capability with nginx. Has anyone tested the latest version of ModSecurity (2.7.0), which apparently has a module for nginx? Interested in any and all feedback and recommendations. Thanks, AJ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby aweber - Nginx Mailing List - English
I am running a few webapps on Tomcat, and placing nginx in front for SSL, content caching and to remove some of the load from Tomcat where possible (currently testing v1.2.3 on CentOS 6.x). I have most of the configuration working well (nginx is very slick, and pretty easy to configure). However, I have some static content like swf (flash) files that are served to the client browser with parby aweber - Nginx Mailing List - English