This seems to be resolved - since headers has a underscore nginx was not passing the request hence I added the setting underscore on in nginx.by blason - Nginx Mailing List - English
Hi Team, I am trying to proxied the connection while receiving below error in error.log; can someone please help? client sent invalid header: "x-challenge_response" while reading client request headers, client: 2402:e280:3e2f:65:b58f, server: xx.xxx.xx, host: "xx.xxx.xx" My nginx version in 1.24by blason - Nginx Mailing List - English
Hi Team, I just setup nginx version on Ubuntu 24.0 and configured proxy_pass settings however page is not getting opened and consistently getting below error 2024/04/01 18:10:37 73898#73898: *5247 SSL_do_handshake() failed (SSL: error:0A0000BF:SSL routines::no protocols available) while SSL handshaking to upstream, client: xx.xx.xx, server: eb.example.com, request: "GET / HTTP/2.0&quoby blason - Nginx Mailing List - English
Hi Team, I am designing reverse proxy and below are counts for 12 hours. Total IIS logs captured around 29061202. I am considering almost double of those for 24 Hours. The portal is completely HTTPS and its a bank main website but not net banking one. My concern is how many cores and RAM would needed eventually to cater the requests. TIA Blason Rby blason - Nginx Mailing List - English
Hi Team, I have my nginx reverse proxy set on IPv6 and my backend website is listening on IPv4. Wondering if the requests comes in for IPv6 with FQDN can nginx route the requests back to backend server on IPv4 FQDN? e.g. Fronend test.example.com --- > NGINX Ipv6 Backend test.exmaple.com ==> 192.168.5.4by blason - Nginx Mailing List - English
I guess I found java script on github but not sure how do I use this with nginx to detect the headless Browsersby blason - Nginx Mailing List - English
Hi Team, I am running Nginx as a reverse proxy with modsec as a waf; wondering if we can block requests generated by Headless browser in nginx config? TIAby blason - Nginx Mailing List - English
Hi team, Can any one enlighten me on sizing a hardware for my below setup? I have one portal which has got around 40RPS i.e. Request Per Second. The application is http. So if I calculate this considering 40 RPS 40x24 = Around 1000 Hits/Min 60000 / Hour x 12 = 720000 (Since my application is majorly accessible in day time only) Can someone please help? How much RAM and CPU Cores shouldby blason - Nginx Mailing List - English
Any way guys - Finally I achieved it using modsecurity custom rules. I could not accomplish it using nginx stanza though.by blason - Nginx Mailing List - English
Hi Guys, Any luck on this; surprisingly I am still struggling on the blockage part. Can someone please help?by blason - Nginx Mailing List - English
Hi Team, My website is at https://www.example.com and I have a CMS Panel at https://www.example.com/administrator -> 301 -> https://www.example.com/administrator/ -> 302 https://www.example.com/administrator/Login.aspx?Session=Out And I am trying to restrict the access to /administrator but this is not working - Can someone please help? location ~*/administrator { allow 10.by blason - Nginx Mailing List - English
Hi Team, Is there any third party patch or protection against slowloris attack or does any one know how do I protect my Reverse proxy against such attacks? TIA Blason Rby blason - Nginx Mailing List - English
Hi Team, Ref to the tweet and wondering if we can block those on Nginx reverse proxy? https://twitter.com/0x0SojalSec/status/1622998359920488448?s=20&t=CxvlX1phoHnMfZOhk7j-5wby blason - Nginx Mailing List - English
Just to clear doubts this is SAP HANA Fiori portal and I wanted to put that behind Nginx reverse proxy.by blason - Nginx Mailing List - English
Hi Team, Here is the some weird issue I am facing and I really appreciate if someone can help? I have portal test.example.com which is currently being accessed as https://test.example.com:44300/sap/bc/ui2/flp I need to put this behind Nginx reverse proxy however I want user to access only http://test.example.com --> It will be redirected to https://test.example.com//sap/bc/ui2/flp Thby blason - Nginx Mailing List - English
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.by blason - Nginx Mailing List - English
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.by blason - Nginx Mailing List - English
Hi, Did you check error log or syslog? Is that spitting out any errors? Do you have SSL_OCSP settings configured and it might not be able to reach to the protocol? I mean I had 45 portals and was facing a same issue. Later when I done the debug I found that ocsp.godaddy.com was not reachable and it verifies every time we reload the service. Just a heads up though.by blason - Nginx Mailing List - English
I see - that;s a nice suggestion. Let me see how this goes.by blason - Nginx Mailing List - English
Well this is particularly I noticed for https vhost config. The CSP headers are properly being displayed for http but not https. Here is my config more /etc/nginx/conf.d/sec-headers.conf add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always; server { include /etc/nginx/apploxconf.d/applox-bots-declaby blason - Nginx Mailing List - English
Hi All, I am trying to set a CSP headers in my nginx reverse proxy and those are not appearing even after multiple attempts. Any idea what is wrong or why the header is not getting added? TIA Blason Rby blason - Nginx Mailing List - English
Yes - with Proxy_pass you can and if not use Iptables to port forward the traffic.by blason - Nginx Mailing List - English
Hi Guys, I am about to implement a CSP policy for my servers on my nginx reverse proxy server. Since those are production websites as per guidelines I need to put the policy in report only mode and send a report to another webserver which would accept the POST response. However I tried building a simple webserver on nginx but no luck. Can someone please help me about building an CSP report oby blason - Nginx Mailing List - English
Nothing interesting as such however below is the curl output from nginx server curl -I https://xxx.xxxx.xxx:8081/neutrino-sso-web HTTP/1.1 302 Found Date: Thu, 17 Nov 2022 17:57:10 GMT Server: JBoss-EAP/7 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Powered-By: Undertow/1 X-Powered-By: JSP/2.3 X-Frame-Options: DENY Location: https://xxxx.xxxx.xxxx:8081/neutrby blason - Nginx Mailing List - English
Hi Team, I have current URL as https://xxx.xxx.xxx:8081/neutrino-sso-web/ which is directly natted on firewall on pot 8081 However I now would like to put this URL behind nginx reverse proxy. Since the above URL is given to lot many customers it would not be possible to change the URL. we are planning to change it graudally. However mean time I installed the nginx and trying to relay the saby blason - Nginx Mailing List - English
Thanks appreciate it. Will have to check and confirm. By the way which one would you confirm is preferable method rewrite or return?by blason - Nginx Mailing List - English
Hi Team, I am trying to write a below rewrite rule but somehow this is not working and I would really appreicate if someone can help me on this? I have a website http://web1.example.local/web1 Instead I need a rewrite so that if user enters http://web1.example.local it will be diverted to http://web1.example.local/web1 server { listen 80; server_name web1.example.localby blason - Nginx Mailing List - English
Any specific card or hardware device that you can suggest for the setup?by blason - Nginx Mailing List - English
Thanks a lot for your inputby blason - Nginx Mailing List - English
Hi Team, I wanted to know the possibilities with Nginx SSL offloading to separate CPU card or any other hardware? How do I achieve better performance with Nginx SSL offloading? Do I need to go with more CPU cores? or dedicated card or any other mechanism? Can someone please suggest? TIAby blason - Nginx Mailing List - English