On Sat, Nov 26, 2011 at 03:16:27PM +0400, Igor Sysoev wrote: > Это патч использует realpath(3), а не гипотетический realpath(2) > и имеет те же проблемы, что FollowSymLink в Апаче. То есть, > 100% защиты не даёт, а даёт лишь иллюзию защищённости. Впрочем, realpath(2) тожby Igor Sysoev - Nginx Mailing List - Russian
On Sat, Nov 26, 2011 at 06:10:27AM -0500, adept wrote: > Pavel V. Wrote: > ------------------------------------------------------- > > Nginx - один из немногих путей. > > В разбираемой ситуации их, > > собственно, всего "два": > > - Веб-сервер nginx, запущенный > > от имby Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 03:24:18PM +0000, John Moore wrote: > On 25/11/11 15:16, Igor Sysoev wrote: > > > > You can try this, but nginx will scan response body with ISO-8859-1 > > trying to convert it to utf-8: > > > > http { > > charset_map iso-8859-1 utf-8 {} > > > > server { > > charset utf-8; > >by Igor Sysoev - Nginx Mailing List - English
On Fri, Nov 25, 2011 at 02:51:24PM +0000, John Moore wrote: > I have been trying for some time now to get Tomcat to serve everything > with UTF-8 encoding, but some pages keep coming back with ISO-8859-1 > encoding. As Tomcat is sitting behind an nginx remote proxy server, I > was wondering whether I could configure nginx to override the encoding > automatically? I have added 'cby Igor Sysoev - Nginx Mailing List - English
On Fri, Nov 25, 2011 at 10:05:56PM +0700, Мисбах-Соловьëв Вадим wrote: > Во-первых, написано же в самом начале, это не баг, это just as planned. И сейчас обсуждается, стоит ли делать костыль для этого. > > Так же тут написано, что даже в апаче запреby Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 01:54:17PM +0400, Alexandre Snarskii wrote: > PS: от атаки на хардлинках это по любому не защищает. Для создания хардлинка в отличие от симлинка нужны права. Никто не мешает в этом случае просто прочитать нужные файлы. -- Игорby Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 01:46:23PM +0400, Igor Sysoev wrote: > On Fri, Nov 25, 2011 at 01:42:58PM +0400, Igor Sysoev wrote: > > On Fri, Nov 25, 2011 at 01:34:18PM +0400, Anton Yuzhaninov wrote: > > > On 11/25/11 13:25, Igor Sysoev wrote: > > > > http://httpd.apache.org/docs/2.2/mod/core.html#options > > > > > > > > FollowSymLinks > > >by Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 04:56:50PM +0700, Мисбах-Соловьëв Вадим wrote: > On пт 25 ноя 2011 16:42:58 KRAT, Igor Sysoev <igor@sysoev.ru> wrote: > > > Нет, симлинк можно поставить в середину пути. > > И O_NOFOLLOW похоже тоже не поможет, потому что: > > > > O_NOFOLLOW > &by Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 01:42:58PM +0400, Igor Sysoev wrote: > On Fri, Nov 25, 2011 at 01:34:18PM +0400, Anton Yuzhaninov wrote: > > On 11/25/11 13:25, Igor Sysoev wrote: > > > http://httpd.apache.org/docs/2.2/mod/core.html#options > > > > > > FollowSymLinks > > > SymLinksIfOwnerMatch > > > > > > This option should not be considereby Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 01:34:18PM +0400, Anton Yuzhaninov wrote: > On 11/25/11 13:25, Igor Sysoev wrote: > > http://httpd.apache.org/docs/2.2/mod/core.html#options > > > > FollowSymLinks > > SymLinksIfOwnerMatch > > > > This option should not be considered a security restriction, > > since symlink testing is subject to race conditions that >by Igor Sysoev - Nginx Mailing List - Russian
On Fri, Nov 25, 2011 at 10:58:32AM +0400, Dmitry E. Oboukhov wrote: > > Собственно, уже не в первых раз, вижу > > что как-то, через nginx читают файлы > > других пользователей (php файлы, etc), чмод > > которых >=644. Как именно, пока не знаю. > > Тут >by Igor Sysoev - Nginx Mailing List - Russian
On Thu, Nov 24, 2011 at 07:28:39AM -0500, Craken wrote: > Не вижу смысла создавать конфиг > ООП-шного типа! Конфиг nginx - это просто > "инструкция", указывающая на то, как он > должен поступить в той или иной > ситуации! > Например при исby Igor Sysoev - Nginx Mailing List - Russian
On Thu, Nov 24, 2011 at 02:34:33PM +0400, Igor Sysoev wrote: > On Thu, Nov 24, 2011 at 02:13:07PM +0400, Dmitry E. Oboukhov wrote: > > Есть архитектуры [1], на которых отсутствует макрос PATH_MAX. > > > > Есть так же много размышлений (например [2]) в сети на тему почему > > PATH_by Igor Sysoev - Nginx Mailing List - Russian
On Thu, Nov 24, 2011 at 02:13:07PM +0400, Dmitry E. Oboukhov wrote: > Есть архитектуры [1], на которых отсутствует макрос PATH_MAX. > > Есть так же много размышлений (например [2]) в сети на тему почему > PATH_MAX использовать не стоит итп. > > Ну и есть в чby Igor Sysoev - Nginx Mailing List - Russian
On Wed, Nov 23, 2011 at 02:46:13PM -0500, EricTheRed03 wrote: > Hi Guys, > > In my HTTP config section in the config file, I would like to implement > a redirection based on this scenario: > > If the URL is not "http://sitea.com/exactmatch" then redirect to the > "https" home. else go to our hidden url (our testing boxes) > > #logic would be somthiby Igor Sysoev - Nginx Mailing List - English
On Thu, Nov 24, 2011 at 10:36:11AM +0530, Fasih wrote: > Hi Igor > > Really thankful for your patience with me. I think I now understood what > you are saying :). > > To summarize, header.hash == 0 is used as a flag > in ngx_http_header_filter_module.c:http_header_filter to test whether to > send the header downstream or not. Setting it to 1(or anything non-zero) is >by Igor Sysoev - Nginx Development
On Wed, Nov 23, 2011 at 08:29:00PM +0200, Gena Makhomed wrote: > On 23.11.2011 18:38, Igor Sysoev wrote: > > >> даже при 50-100 сайтов неудобно делать много include на каждый сайт, > >> гораздо удобнее все-таки подход "1 сайт == 1 конфигурационный файл". > > >by Igor Sysoev - Nginx Mailing List - Russian
On Thu, Nov 24, 2011 at 09:40:27AM +0200, Serguei I. Ivantsov wrote: > On 23.11.2011 18:35, Igor Sysoev wrote: > > А почему конфигурация должна выглядет объектно-ориентированно > Потому что так красиво, наглядно и понятно. От общего к частному. > Сначала определяby Igor Sysoev - Nginx Mailing List - Russian
On Wed, Nov 23, 2011 at 10:58:41PM +0530, Fasih wrote: > On Wed, Nov 23, 2011 at 10:38 PM, Igor Sysoev <igor@sysoev.ru> wrote: > > > On Wed, Nov 23, 2011 at 10:32:27PM +0530, Fasihullah Askiri wrote: > > > Sorry, I am not sure I understood you correctly. It is used in headers_in > > > for look up into headers_in_hash OK. But what about headers_out? > > &gby Igor Sysoev - Nginx Development
On Wed, Nov 23, 2011 at 10:32:27PM +0530, Fasihullah Askiri wrote: > Sorry, I am not sure I understood you correctly. It is used in headers_in > for look up into headers_in_hash OK. But what about headers_out? "lowcase_key" in headers_out may be not set if these headers are not proxied/fastcgied/etc. > ngx_http_proxy_process_header parses the upstream response headers > usiby Igor Sysoev - Nginx Development
On Wed, Nov 23, 2011 at 10:16:56PM +0530, Fasihullah Askiri wrote: > Thanks for the prompt reply. > > That makes it a lot clearer, is hash = 1 used to indicate that the > lowcase_key isnt initialized (meaning you shouldnt try to look it up the > headers_in_hash) or any other value like 0 is also used? > I basically need the lowcase headers, I am just reusing the key, am I goodby Igor Sysoev - Nginx Development
On Wed, Nov 23, 2011 at 10:04:06PM +0530, Fasih wrote: > Hi > > I have a plugin that uses request.headers_out.headers, I use the > lowcase_key of the element for something. However, recently while debugging > a crash I noticed that the lowcase_key isnt always initialized > I would have taken that > as a bug but noticed that there are other places > where lowcase_key isntby Igor Sysoev - Nginx Development
On Wed, Nov 23, 2011 at 03:02:27PM +0200, Gena Makhomed wrote: > даже при 50-100 сайтов неудобно делать много include на каждый сайт, > гораздо удобнее все-таки подход "1 сайт == 1 конфигурационный файл". > > но в этом случае получается много copy/pasteby Igor Sysoev - Nginx Mailing List - Russian
On Wed, Nov 23, 2011 at 02:43:38PM +0200, Serguei I. Ivantsov wrote: > > On 23.11.2011 14:12, Denis F. Latypoff wrote: > > 23.11.2011, 19:01, "Gena Makhomed" <gmm@csdoc.com>: > >> некоторые проблемы начинаются если в конфиге nginx будет > >> не один большой сайт, а несколько десby Igor Sysoev - Nginx Mailing List - Russian
On Wed, Nov 23, 2011 at 11:26:02AM -0500, mennanov wrote: > Igor Sysoev Wrote: > ------------------------------------------------------- > > On Wed, Nov 23, 2011 at 10:11:08AM -0500, mennanov > > wrote: > > > Thanks but i've already found a solution in the > > russian nginx forum. > > > > > > location ~ ^/cms/(.*)$ { > > > try_files /webby Igor Sysoev - Nginx Mailing List - English
On Wed, Nov 23, 2011 at 10:11:08AM -0500, mennanov wrote: > Thanks but i've already found a solution in the russian nginx forum. > > location ~ ^/cms/(.*)$ { > try_files /webroot/cms/webroot/$1 /webroot/cms/engine/index.php; > } > > Is what i needed. location /cms/ { alias /home/renat/www/glinka/webroot/cms/webroot/; try_files $uri /webroot/cms/engine/index.php;by Igor Sysoev - Nginx Mailing List - English
On Wed, Nov 23, 2011 at 04:50:41PM +0400, Ilya Lobahin wrote: Пожалуйста, добавьте в bat plain text письма, потому что на это html отвечать просто невозможно. Как эта строка: -------------- nginx-err.log ------------------ *135754 open() "/some/path/DFO}g+6nYZy]Z1TE6i.P\" failed (2: No such file or directory),by Igor Sysoev - Nginx Mailing List - Russian
On Wed, Nov 23, 2011 at 02:01:28PM +0200, Gena Makhomed wrote: > > Игорь где-то тут в рассылке неоднократно высказывался на > > тему 250 локейшенов рамблера, которые можно хоть как крутить > > и это не затронет работу остальных 249 локейшенов. &gby Igor Sysoev - Nginx Mailing List - Russian
Author: is Date: 2011-11-23 07:22:15 +0000 (Wed, 23 Nov 2011) New Revision: 4307 Modified: trunk/src/http/modules/ngx_http_mp4_module.c Log: Fix of mp4 module seeking. Modified: trunk/src/http/modules/ngx_http_mp4_module.c =================================================================== --- trunk/src/http/modules/ngx_http_mp4_module.c 2011-11-22 17:02:21 UTC (rev 4306) +++ trunk/src/http/by Igor Sysoev - Nginx Development
On Tue, Nov 22, 2011 at 01:43:53AM -0500, sibsoft wrote: > Here it goes > http://dl.dropbox.com/u/50505452/error.log.gz The attached patch should help. -- Igor Sysoev Index: src/http/modules/ngx_http_mp4_module.c =================================================================== --- src/http/modules/ngx_http_mp4_module.c (revision 4303) +++ src/http/modules/ngx_http_mp4_module.c (workinby Igor Sysoev - Nginx Mailing List - English
![]() |
![]() |
![]() |
![]() |
|