On Fri, 23 Feb 2018 18:54:48 -0800 "lists@lazygranch.com" <lists@lazygranch.com> wrote: > On Thu, 22 Feb 2018 18:40:12 -0800 > "lists@lazygranch.com" <lists@lazygranch.com> wrote: > > > When I was using FreeBSD, the access log was real time. Since I went > > to Centos, that doesn't seem to be the case. Is there some way to > > flush theby gariac - Nginx Mailing List - English
On Thu, 22 Feb 2018 18:40:12 -0800 "lists@lazygranch.com" <lists@lazygranch.com> wrote: > When I was using FreeBSD, the access log was real time. Since I went > to Centos, that doesn't seem to be the case. Is there some way to > flush the buffer? > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.orgby gariac - Nginx Mailing List - English
When I was using FreeBSD, the access log was real time. Since I went to Centos, that doesn't seem to be the case. Is there some way to flush the buffer? _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Presently I'm putting maps in the server location. Can they be put in the very top to make them work for all servers? If not, I can just make the maps into include files and insert as needed, but maybe making the map global is more efficient. _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Well that was it. You can't believe how many hours I wasted on that. Thanks. Double thanks. I'm going to mention this in the Digital Ocean help pages. I disabled selinx, but I have a book laying around on how to set it up. Eh, it is on the list. On Wed, 20 Dec 2017 14:17:18 +0300 Aziz Rozyev <arozyev@nginx.com> wrote: > Hi, > > have you checked this with disabled selinux ?by gariac - Nginx Mailing List - English
I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I have the firewalls set up properly since I can see my browser requests in the access and error log. That said, I have file permission problem. nginx 1.12.2 Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux nginx.conf (with comments removed for brevity and my domainby gariac - Nginx Mailing List - English
For what situation would it be appropriate to use "nodelay"? Original Message From: francis@daoine.org Sent: December 2, 2017 3:02 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: Re: How to control the total requests in Ngnix On Fri, Dec 01, 2017 at 11:18:06AM +0800, tongshushan@migu.cn wrote: Hi there, Others have already given some details, so I'll try to put eby gariac - Nginx Mailing List - English
Is this limiting for one connection or rate limiting for the entire server? I interpret this as a limit for one connection. I got rid of the trailing period. https://en.wikipedia.org/wiki/Leaky_bucket A request is one line in the access log I assume, typically a html verb like "get". I use a single core VPS, so I don't have much CPU power. Unless the verb action is trivial, I doubtby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Here is a log of real life IP limiting with a 30 connection limit: 86.184.152.14 British Telecommunications PLC 8.37.235.199 Level 3 Communications Inc. 130.76.186.14 The Boeing Company security.5.bz2:Nov 29 20:50:53 theranch kernel: ipfw: 5005 drop session type 40 86.184.152.14 58714 -> myip 80, 34 too many entries security.6.bz2:Nov 29 16:01:31 theranch kernel: ipfw: 5005 drop session type 4by gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
Isn't multipart the means to speed up downloading with multiple streams? So wouldn't rate limiting solve the problem? Original Message From: lists@lazygranch.com Sent: October 18, 2017 3:15 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: max_ranges not working This needs further explaining. If you rate limit, a multiple connection download manager won't download any faster.by gariac - Nginx Mailing List - English
This needs further explaining. If you rate limit, a multiple connection download manager won't download any faster. Original Message From: lists@lazygranch.com Sent: October 18, 2017 3:13 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: max_ranges not working I know max connections will solve this, but the drawback is you could have some large user behind a NAT, which wouldby gariac - Nginx Mailing List - English
I know max connections will solve this, but the drawback is you could have some large user behind a NAT, which would lock out users. I used a multiple connection download manager to verify this. This ranges feature sounds great. I look forward to you getting it to work. ;-) Original Message From: nginx-forum@forum.nginx.org Sent: October 18, 2017 3:05 PM To: nginx@nginx.org Reply-to: ngby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
The trouble is nginx does a fair amount of work before blocking the IP address, unless things have changed. My recollection is it parses the whole request. Obviously it doesn't send any data. So you are better off blocking with the firewall. You do need to know your audience. Something related to a university could generate a number of simultaneous users behind one IP. In my case Boeing triggereby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
I just detect the use agent and return 444, but every attempt to get a file will show up in your access.log. https://www.buildersociety.com/threads/block-unwanted-bots-on-apache-nginx-constantly-updated.1898/ I get two or three jorgee "sessions" a day. They tend not to use the domain name but reference your server by IP, so there might be some better blocking scheme. Original Mesby gariac - Nginx Mailing List - English
I'm curious why this request got a 400 response rather than a 404. 400 123.160.235.162 - - [16/Jul/2017:22:56:30 +0000] "GET /currentsetting.htm HTTP/1.1" 173 "-" "-" "-" log_format main '$status $remote_addr - $remote_user [$time_local] "$request" ' '$body_bytes_sent "$http_referer" ' '&quby gariac - Nginx Mailing List - English
I took the opposite approach. You put a funny character in the URL, you get a 444. I only allow underscore and hypen. For a while, I was getting fuzzed. Maybe a year ago it was a thing. Nothing bad happened, which I would say is a tribute to Nginx. I just returned 404s, but I figured I better trap this behavior before my luck runs out. Original Message From: c0nw0nk Sent: Friday,by gariac - Nginx Mailing List - English
But in actual use, you would just run nginx as a service, so I don't get the sudo initiation. In fact, unless you run a very simple website, nginx alone isn't sufficient, so you would be starting a number of services. I make enough work for myself, but if security is an issue, I'd suggest setting up a jail. But only after nginx itself is hardened. Original Message From: Alberto Castilby gariac - Nginx Mailing List - English
I guess I'm missing something here since nginx should be invoke by "service" such as "service nginx restart". Original Message From: Alberto Castillo Sent: Friday, July 14, 2017 8:05 AM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: FreeBSD Clean Install nginx.pid Permissions Errors On 07/14, Jim Ohlstein wrote: > Hello, > > On 07/14/2017 10:39 AM,by gariac - Nginx Mailing List - English
On Thu, 13 Jul 2017 23:46:12 +0100 Francis Daly <francis@daoine.org> wrote: > On Thu, Jul 13, 2017 at 09:37:08AM -0400, Viaduct Lists wrote: > > Hi there, > > > nginx -t > > If you were running this command as "root", would that prompt say > "root@neb" and end with a # ? > > > nginx: the configuration file /usr/local/etc/nginx/nby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
I'd suggest the online guides on anti-DDoSing for NGINX. They cover limiting the number of connections, etc. Of course in reality these schemes would just limit some some kid in the basement from flooding your server rather than a real DDoS attack. But better than nothing, plus what is in those guides is effective for taming aggressive download managers that try to open multiple connections.by gariac - Nginx Mailing List - English
Simply to reduce the attack surface, I would not use PHP if all that is served is static pages. If you are just serving static pages, you may be able to reduce your verbs to "head" and "get". That is avoid "post." Again attack surface reduction. I put PHP in a "map" search and it is a favorite hacker target. It may seem like overkill to look for attacksby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby gariac - Nginx Mailing List - English