> Since you are using newer openssl, you may want to apply this patch

I agree, many thanks to Piotr Sikora and to you, Frank! 2nd patch applied as well. My error log is a lot more readable now. I can see those real critical messages without being cluttered by meaningless/unfixable SSL issues. Any chance those are merged into nginx 1.15.2?
by shiz - Nginx Mailing List - English
> Those unsupported ssl version messages should be in "info" level

That is a very useful patch, many thanks Frank
by shiz - Nginx Mailing List - English
> You may want to update OpenSSL.

Thanks but I did and almost zero browser was able to use draft 26 or 28. Therefore I downgraded OpenSSL from 1.1.1-pre8 to 1.1.1-pre2 (draft 23). Although TLS 1.3 has been finalized, OpenSSL 1.1.1 is still work in progress. Tested with latest Opera, Palemoon, Blackhawk, Vivaldi and Slimjet. I don't use Chrome nor Firefox. Had to disable CT too, g
by shiz - Nginx Mailing List - English
Hi, I see those messages in my error logs daily.
```
2018/07/07 08:01:32 31935#31935: *342781 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 173.208.91.177, server: 0.0.0.0:443
2018/07/07 08:06:24 31939#31939: *343099 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_
```
by shiz - Nginx Mailing List - English
> In most cases, $server_name is the variable you want.

Thanks so much. Works like a charm. This simplifies my configuration/maintenance a lot. Best!
by shiz - Nginx Mailing List - English
Hello, I have something in one of my server blocks:
```
# switch to TLS for page.php, contact.php, faq.php, known https sources and /
if ($scheme = http) { set $rule_9 1$rule_9; }
if ($outdated = 0){ set $rule_9 2$rule_9; }
if ($request_uri ~ "^/(auction|biglemon|carview(-bike)?|carsensor(-c)?|daihatsu|gazoo|goo(bike(-catalog)?|net)|honda|koubai|kuriyama-tru
```
by shiz - Nginx Mailing List - English
I could make it easily from localhost:
```
curl -i -X OPTIONS http://www.server.com/css/reset.css
-> xxx.xxx.xxx.190 - - [30/Jun/2018:11:33:53 -0700] "OPTIONS /css/reset.css HTTP/1.1" 200 0 "-" "curl/7.38.0"
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 30 Jun 2018 18:47:49 GMT
Content-Type: text/css
Content-Length: 0
Connection: keep-alive
Expect-CT: enforce;
```
by shiz - Nginx Mailing List - English
'if ($args ~ "&$") { return 400; }'

Thanks a lot! Exactly what I needed :)
by shiz - Nginx Mailing List - English
'The & to & conversion is another sign of a poor quality crawler.'

I wasn't referring to any of them but to '&'. Important difference. Also explaining my failure to filter it from parameters since parameters contains an equal sign. E.g. ...&= something or even &= & or & would also easy do filter out. But that is not the problem I'm having here
by shiz - Nginx Mailing List - English
I see another poster has written this, and deleted it afterwards.
`This is almost certainly not Google as they obey robots.txt. The & to & conversion is another sign of a poor quality crawler. Check the RDNS and you will find it's probably some IP faking Google UA, I suggest blocking at network level.`
My actual reply:
1 - It is Google
2 - They do not always a user frie
by shiz - Nginx Mailing List - English
Ah! Thank you very much. Recompiled with older openssl 1.1.1 pre2 since current browsers implement draft 23 atm. It's working now.
by shiz - Nginx Mailing List - English
Hi, Recently, Google has started spidering my website and in addition to normal pages, appended "&" to all urls, even the pages excluded by robots.txt
e.g. page.php?page=aaa -> page.php?page=aaa&
Any idea how to redirect/rewrite this?
by shiz - Nginx Mailing List - English
Hi, I can't see what I'm doing wrong. When I visit https://www.cloudflare.com/ with my browser TLS 1.3 is used. However when I visit my website, TLS 1.2 is selected instead.
My browser (opera 53) has this in its command line: " --ssl-version-max=tls1.3 --tls13-variant=draft"
Nginx is compiled like this:
nginx version: nginx/1.14.0
built with OpenSSL 1.1.1-pre7 (beta) 2
by shiz - Nginx Mailing List - English
Maxim Dounin Wrote:
-------------------------------------------------------
>
> The following patch should fix this, please test if it works for
> you:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1520919437 -10800
> # Tue Mar 13 08:37:17 2018 +0300
> # Node ID 649427794a74c74eca80c942477d893678fb6036
> # Parent

by shiz - Nginx Mailing List - English
Any idea on how to keep those 499 errors out of the logs? I already do it for some specific 444
if specific condition { set $loggable 0; return 444; }
by shiz - Nginx Mailing List - English
Yes, but I prefer to generate the *.br first and use brotli_static on; instead
The browser will happily download the *.br if supported; otherwise gzip will be selected.
by shiz - Nginx Mailing List - English
Hey, nice catch, thanks so much! access_log on is not defeating access_log off; replaced the directive with:
```
location = /Scripts/awstats_misc_tracker.js { }
```
Thanks to both of you. Solved.
by shiz - Nginx Mailing List - English
1 - If I disable that section
```
#location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ {
#expires -1;
#access_log off;
#log_not_found off;
#}
location = /Scripts/awstats_misc_tracker.js {
    access_log on;
}
```
the javascript are shown in the log. /Scripts/awstats_misc_tracker.js isn't though.
2 - Now if also disable that section, /Scripts/awstats_misc_tracker.js is finally showing
by shiz - Nginx Mailing List - English
yes of course I've reordered them too:
```
location = /Scripts/awstats_misc_tracker.js {
    access_log on;
}
location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ {
    expires 50d;
    access_log off;
    log_not_found off;
    add_header Cache-Control "public";
}
```
```
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration f
```
by shiz - Nginx Mailing List - English
Thanks, unfortunately it does not work
```
grep awstat nginx/access.log |wc -l
0
```
by shiz - Nginx Mailing List - English
Hello, I exclude the stylesheets and javascript from the logs to alleviate them. However I would want to make an exception for awstats. So far the following doesn't work. Any help?
```
location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ {
    expires -1;
    access_log off;
    log_not_found off;
}
location ~* ^/Scripts/awstats_misc_tracker.js {
    access_log on;
}
```
by shiz - Nginx Mailing List - English
/var/www/html/index.nginx-debian.html
by shiz - Nginx Mailing List - English
Excellent. Very grateful for the clarification!

Maxim Dounin Wrote:
-------------------------------------------------------
>
> If you want nginx to listen on both IPv4 and IPv6, you have to use
> both
>
> listen 80;
>
> and
>
> listen [::]:80;
>
> in your configuration.
>
> With nginx running, you can use "netstat -nl

by shiz - Nginx Mailing List - English
There is a lot of confusion in the answers I found about it. When I installed nginx first, it was the debian jessie version 1.6.2 and the configuration to listen to both ipv4 and ipv6 was
```
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_f
```
by shiz - Nginx Mailing List - English
I've implemented something based on https://community.centminmod.com/threads/blocking-bad-or-aggressive-bots.6433/ Works perfectly fine for me.
by shiz - Nginx Mailing List - English
I rate limit them using the user-agent
by shiz - Nginx Mailing List - English
Thanks for the details. I've recompiled without the nginx-upstream-fair module and all went well. It looks unmaintained and I don't really need it. Code is 8 years old. Best!
by shiz - Nginx Mailing List - English
Hi, I build it every time a new version is available. This one didn't make it. System is Debian 8 jessie
```
(...)
/usr/local/src/nginx/nginx-1.11.6/debian/modules/nginx-upstream-fair/ngx_http_upstream_fair_module.c: In function ‘ngx_http_upstream_init_fair_rr’:
/usr/local/src/nginx/nginx-1.11.6/debian/modules/nginx-upstream-fair/ngx_http_upstream_fair_module.c:543:28: error: ‘ng
```
by shiz - Nginx Mailing List - English
Interesting! Thank you so much!
by shiz - Nginx Mailing List - English