Hey itpp i am curious if you know the cause of a bug with your windows nginx builds. It is something to do with the worker processes. For some reason when i have "worker_processes auto;" i will occasionaly recieve a unknown web server error (usualy means a timeout) from cloudflare, but when i set it to "worker_processes 1;" i do not recieve the error is there some kindby c0nw0nk - Nginx Mailing List - English
Thanks for the help guys i have it working but i am not sure what config i should be using out of these two what one would be better. itpp2012's config : map $request $allowonly { default 1; ~*addmedia\.upload() 0; } server { listen 80; listen [::]:80; server_name sub1.domain.com; index index.php index.html index.htm default.html default.htm; location / { return 404; } locationby c0nw0nk - Nginx Mailing List - English
map $request $allowonly { default 1; ~*addmedia\.upload() 0; } location / { if ($allowonly) { try_files $uri $uri/ /index.php?$args; } } location ~ \.php$ { ##fastcgi pass etc here } That would be my location block to deny all requests except for that single php url but i cant add the static file to the map request since it would be handled by PHP when its a static file. How shoulby c0nw0nk - Nginx Mailing List - English
So i use nginx with PHP and i have the following two urls i want to allow access on the subdomain. The full url would be sub1.domain.com/index.php?option=com_hwdmediashare&task=addmedia.upload&base64encryptedstring if ( $args ~ 'option=com_hwdmediashare&task=addmedia.upload()' ) { } And sub1.domain.com/media/com_hwdmediashare/assets/swf/Swiff.Uploader.swf But i cant figby c0nw0nk - Nginx Mailing List - English
Should i have cgi.force_redirect enabled or disabled with Nginx because everywhere i look sort of contradicts eachother. Some say have it enabled some say have it disabled and this site has two seperate security posts that say you should have it disabled in one then enabled in another ? http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html http://www.cyberciti.biz/tipby c0nw0nk - Nginx Mailing List - English
Well yeah you only need a WAF if your web application or server is insecure in some way but you also have to look at the extra benefit it holds what is if you are using Public web based app's such as Drupal, Wordpress, Joomla, ClipBucket any kind of content management system because they are open source when security exploits are found or arise it does help block and slow down hackers until fixesby c0nw0nk - Nginx Mailing List - English
Thanks itpp2012 i also am curious if there are any specific or recommended naxsi firewall configs or things to use too other than the default config you supply with your builds ?by c0nw0nk - Nginx Mailing List - English
So i am curious on the security impacts on a windows server running nginx and php And if you have the following php.ini settings disabled. "cgi.force_redirect = 0" I saw itpp2012 posted the following open_basedir = s:/webroot/domain.nl doc_root = s:/webroot/domain.nl error_reporting = E_ALL & ~E_NOTICE error_log = s:/logging/php/domain.nl.errors.log upload_tmp_dir = s:/by c0nw0nk - Nginx Mailing List - English
Thats cool will you be posting that here or on your site looking forward to it :).by c0nw0nk - Nginx Mailing List - English
I dont think 8 php process can take that much traffic ?by c0nw0nk - Nginx Mailing List - English
itpp2012 with the PHP multi run you supply with your builds. start /min multi_runcgi.cmd 9000 start /min multi_runcgi.cmd 9001 start /min multi_runcgi.cmd 9002 start /min multi_runcgi.cmd 9003 start /min multi_runcgi.cmd 9004 start /min multi_runcgi.cmd 9005 start /min multi_runcgi.cmd 9006 start /min multi_runcgi.cmd 9007 start /min multi_runcgi.cmd 9008 start /min multi_runcgi.cmd 90by c0nw0nk - Nginx Mailing List - English
I just found something cool i am not sure if anyone knows but our browsers will always use the first supplied media file to play from. <?php if ($params->get('mp4')) : ?><source src="<?php echo $params->get('mp4'); ?>" type="video/mp4" /><?php endif; ?> <?php if ($params->get('webm')) : ?><source src="<?php echo $params-&gby c0nw0nk - Nginx Mailing List - English
Lukas Tribus Wrote: ------------------------------------------------------- > It heavily depends on the mp4 file used. moov atom needs to be at the > beginning of the file, for example. Get mp4box and read its doc, it > will help you prepare the file for streaming. > > > To: nginx@nginx.org > > Subject: Re: Nginx serving Large static files on windows > > Fromby c0nw0nk - Nginx Mailing List - English
Well i dont get it all at once i just have to wait like 44 seconds before the first byte or bit of the download so i can play the media while the rest of it downloads. It is such a unique issue. I never noticed it until now because when i watch the same length videos on youtube and places they stream it via rtmp with dash i recon. But when you delieve just a standard mp4 file for html5 streaminby c0nw0nk - Nginx Mailing List - English
Strange i think you are right i access the same mp4 size and vide length on other sites and they all do the same thing take like upto a miniute before they will play but a webm will play instantly. Any idea how i can fix this ? But what makes it strange is it does not happen with YouTube videos that are 10-48 hours long but then i think youtube uses rtmp streams what is proborly why.by c0nw0nk - Nginx Mailing List - English
So its not the server its not nginx and its my firefox and chrome ? Because i tried on chrome too and it takes just as long.by c0nw0nk - Nginx Mailing List - English
Sorry to keep posting this all seperatly but what makes this even stranger once 44 or so seconds pass and the media starts playing i can skip anywhere i like in the file and its fast as soon as i refresh and redownload i have to wait again. I dont know why there are other files just as large but not mp4's that download fast and can stream fast but with large mp4's nginx seems to either wait orby c0nw0nk - Nginx Mailing List - English
What a strange bug i am totaly confused because the way i generate media i also have a webm file of the same video and the webm you go to the url it may only be 900mb but its the same length (7 hours) and it loads instantly. The mp4 1.5gb 7hour long takes between 43 - 50 seconds before you can start to play the video.by c0nw0nk - Nginx Mailing List - English
I serve allot of media files from the server they are all quick and fine just this 1.5GB (7 hour long) mp4 file to be served / loaded seems to take 44 seconds and i also do not use the mp4; module.by c0nw0nk - Nginx Mailing List - English
It appears to maybe be something else the media file is about 1.5gb and it will just take about 44 seconds before it starts playing.by c0nw0nk - Nginx Mailing List - English
directio 2G; So i allow uploads of 2Gigs and i do streaming and with files being streamed that are 2gigs in size you can imagine things could of been loading a bit slow. Now itpp2012 mentioned to me in another area of the forum "(mapping a drive is slow, use direct ip access)" And with my drives mapped still as soon as i change this value parameters value to be 2G large video filesby c0nw0nk - Nginx Mailing List - English
I use a subdomain for uploads and i am curious if anyone knows the best way to only allow access to only the upload url and block / deny everything else. location / { deny all; } location ~ \.php$ { deny all; if ( $args ~ 'option=com_hwdmediashare&task=addmedia.upload()' ) { fastcgi_pass web_rack; } } Is this the best way ?by c0nw0nk - Nginx Mailing List - English
Thanks itpp2012 i downloaded the htpassword from the apachelounge.com builds :) works great now.by c0nw0nk - Nginx Mailing List - English
I hate to bring bugs into this topic but seems possible that this is something Windows related. But auth_basic is not working. I have not tested on a official NGINX build i am using itpp2012's builds what could be why it is not working but this is my config. location ~ ^/(administrator) { auth_basic "Restricted Area"; auth_basic_user_file C:/server/.htpasswd; }by c0nw0nk - Nginx Mailing List - English
I just read on the Wiki why you missed out putting head in the limit_except block. "Allowing the GET method makes the HEAD method also allowed."by c0nw0nk - Nginx Mailing List - English
Yeah sorry about that Maxim i don't actualy use the allow ip feature i accidently hashed out the #deny all; and this forum does not let us edit our posts. Other than that the following that you posted. if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } For nginx itself this is not needed. Something like this may be useful if you are protecting your backends. See also limit_exceby c0nw0nk - Nginx Mailing List - English
I have come across that same page before the one that is interesting me right now is based of mex's comment on Security in header responses. https://gist.github.com/plentz/6737338 # config to don't allow the browser to render the page inside an frame or iframe # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking # if you need to allow frames, you can use SAMEORIGIN or even seby c0nw0nk - Nginx Mailing List - English
Thanks mex i will submit a wiki page how long do they take to get added or approved ? Also one of the main reasons i posted it here was just to have everyone share what they use and some different and custom stuff.by c0nw0nk - Nginx Mailing List - English
I also came across the following what will completely drop Nginx server and PHP / ASP.NET etc Powered by headers. http { more_clear_headers 'Server'; more_clear_headers 'X-Powered-By'; http://wiki.nginx.org/HttpHeadersMoreModule#more_clear_headersby c0nw0nk - Nginx Mailing List - English
So since i searched the Nginx Forum i can't find anyone who has posted a topic for Nginx security rules or examples so i will be the first to share my examples regardless of how bad of a idea some people may think that is. So the first security addition is to block direct IP access to my server connecting via IP instead of a assigned domain name will result in a error or denied request. servby c0nw0nk - Nginx Mailing List - English