Hi Abhishek, i'm not 100% sure to understand exactrly what you'd like to do, especially the request-body-manipulation-part. nginx_lua is usually quite handy when you have the need to manipulate a request: http://wiki.nginx.org/HttpLuaModule#access_by_lua you can jump into the acces- or rewrite-phase, make your processing and pass the result to your upstream-servers using proxy_pass aby mex - Nginx Mailing List - English
Hi tim, > Hi, > > I would like to redirect to an external URL which is hosted as a > apache > virtual host. redirect or proxy_pass? correct wording is important here > nginx resolves the host of the url which obviously does little to > resolve to the correct web root on the server. i dont understand what you mean here. if nginx doesnt resolve a dns-nameby mex - Nginx Mailing List - English
hi, does this link helps? > http://gadelkareem.com/2012/03/25/limit-requests-per-ip-on-nginx-using-httplimitzonemodule-and-httplimitreqmodule-except-whitelist/ cheers, mexby mex - Nginx Mailing List - English
hi, does you errorlog tells you something?by mex - Nginx Mailing List - English
nginx has a last flag too: http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewriteby mex - Nginx Mailing List - English
so it looks more like a php/processing-problem, no? cheers, mexby mex - Nginx Mailing List - English
Hi, you can use the nginx-sticky-module if you need sticky sessions https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng it just has no way to extract the routing-info from tomcat-routes (yet, we're working on it) and comes with an own cookie, but is production-ready cheers, mexby mex - Nginx Mailing List - English
Hi, do you see this problem when accessing static files as well as php-files rendered by php-fpm? did you made a perftest on /static/small.css /path/index.php? would be interesting to see if this is a php-based problem. cheers, mexby mex - Nginx Mailing List - English
in a blogpost[1] from tim taubert of firefox/mozilla - team he states, when wanting to have PFS: "The best you can do to provide forward secrecy to visitors is thus again switch off session ticket support until a proper solution is available." when using ssl_session_cache / ssl_session_timeout, because: "Just as Apache, Nginx should provide a configuration directive to allby mex - Nginx Mailing List - English
nope, this seems to be a longer-known problem: http://forum.nginx.org/read.php?10,233386,template=head i (at least) did not got it working, either with "default 300;" or with set katimeout 300;by mex - Nginx Mailing List - English
Hi, since this howto-area is not so frequently read, please post and discuss your question over at the mailing-list: http://forum.nginx.org/list.php?2 cheers, mexby mex - How to...
Hi Robert, you could probably work around this issues with map / if: map $http_user_agent $ios8_ua { default 0; "YOUR_REGEX_HERE" 1; } and then use the evil IF: if ($ios_ua) { keepalive_timout 0; } http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if http://nginx.org/en/docs/http/ngx_http_map_module.html cheers, mexby mex - Nginx Mailing List - English
please delete your browser-history for every browser, restart your nginx and test again. cheers, mexby mex - Nginx Mailing List - English
Hi, > I would like nginx to manage the requests among the three instances above, depending on the load. Is it correctly defined? what you have defined is a round-robin-based loadbalancing, what you probably would like to do is a loadbalancing based on the connections processed: http://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_conn "Specifies that a group shoby mex - Nginx Mailing List - English
nice! http://mozilla.github.io/server-side-tls/ssl-config-generator/ did not tested all profiles, but intermediates gives A+ on ssllabs, supports every browser expect winxp/ie6 and has all the goodies enabled $ ./testssl.sh example.com ######################################################### testssl.sh v2.1alpha (https://testssl.sh) --> Testing Protocols SSLv2 Locby mex - Nginx Mailing List - English
Hi Raul, > I don't know what cookie is, the site is http://urbania.pe > if you dont know the cookie-name you cannot reset them from nginx, but i see quite a few in my developer-tools. i'd suggest you create a location that match this false redirect-location and reset the cookies from within this location, and the redirect users to / after this reset. http://www.ebrueggemaby mex - Nginx Mailing List - English
Hi Raúl, do you have the cookie-name or is it random?by mex - Nginx Mailing List - English
for scanners/indexes of public services your might search for "shodan" for the valid use of security trhough obscurity: "My thoughts on this are that obscuring information is helpful to security in many cases as it can force an attacker to generate more "noise" which can be detected. Where obscurity is a "bad thing" can be where the defender is relyingby mex - Nginx Mailing List - English
hello, > Session resumption (caching) No (IDs assigned but not > accepted) > Session resumption (tickets) No INTOLERANT > > Should I change my config to alter these two results (for performance > OR > security)? If so, can anyone identify what config options I should > add/change? ssl_session_cache might be useful, please read: http://nby mex - Nginx Mailing List - English
hi tunist, if you want to test your server for CCS-vuln you might use https://www.ssllabs.com/ssltest/ or the testscript from https://testssl.sh/ when you prefer to test locally. > > though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb > 2013 not sure why..!? distros backport patched but usually dont ship new versions, thus dont update version-numbersby mex - Nginx Mailing List - English
CCS-scan probably, see https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#ccs-early-changecipherspec-attack) what openssl-version do you use? cheers, mexby mex - Nginx Mailing List - English
i think it's a nice idea and surely will participate with some stuff like securtiy-headers (CSP/X-Frame-Options etc) single issues/questions mgith still be discussed on-list, and it should be no problem to post updates here from time to time. cheers, mexby mex - Nginx Mailing List - English
hi, i'd suggest you collect your snippets in the nginx-wiki http://wiki.nginx.org/ and link your collecftion back to http://wiki.nginx.org/Configuration thus it will be easier to maintain and extend. cheers, mexby mex - Nginx Mailing List - English
maybe related (maxims answer) http://forum.nginx.org/read.php?2,254016,254050#msg-254050by mex - Nginx Mailing List - English
iirc you donw need a $1 behind alias like in rewrite-rules http://nginx.org/en/docs/http/ngx_http_core_module.html#alias the following should work location /wifi { alias /var/www/owums/public; # <-- be sure to point to 'public'! passenger_base_uri /wifi; passenger_app_root /var/www/owums; passenger_document_root /var/www/owums/public; passenger_enabled on;by mex - Nginx Mailing List - English
> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols` thats the most important part > directive. But, ssllabs.com says that : > > ---- snip ---- > Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more > info[2]) TLS_FALLBACK_SCSV also prevents downgrades from TLSv1.2 -> TLSv1.1 -> TLSv1 and has got nothing to do with SSLby mex - Nginx Mailing List - English
what does cipherscan says? https://github.com/jvehent/cipherscan you can run that from the server nginx runs onby mex - Nginx Mailing List - English
hi, > > > > - make sure you are testing correct server. > > i'd suggest to configure an additional access/error-log in that server {} - block, to be 100% sure. regards, mexby mex - Nginx Mailing List - English
could youe please send/gist your (anonymized) server {} configs? one suggestions: enable 2 different access-logs for each server-black and confirm requests to dom1.com go to the configured dom1.com and requests to dom2.com go to the configured dom2.com. once you are sure the requests go to the right server {} - config we can try to figure out whats happening. cheers, mexby mex - Nginx Mailing List - English
hi, did you even tried too google it? dork: "logging post body nginx" http://stackoverflow.com/questions/4939382/logging-post-data-from-request-body cheers, mexby mex - Nginx Mailing List - English