Show all posts by user
Page 1 of 6
Results 1 - 30 of 169
pbooth Wrote:
-------------------------------------------------------
> Wow- I really like the sound of naxsi. In the past I've used F5's ASM,
> the WAF built on their big-ip platform. It was powerful though prone
> to false positives. I don't believe there are any real shortcuts that
> allow you to build an effective waf without understanding the details
> of your own website
by
mex
-
Nginx Mailing List - English
Hello christian,
naxsi-contributor first
bad news first:
naxsi wouldn't work on websockets.
Any other security for websockets you have to implement yourself.
list of useful reads:
- https://devcenter.heroku.com/articles/websocket-security
- https://security.stackexchange.com/questions/48378/anti-dos-websockets-best-practices/
- https://gist.github.com/subudeepak/9897212
- ht
by
mex
-
Nginx Mailing List - English
grey rules means they are deactivated
i'm gonna write a blog on how we use spike + doxi-rules in our
setup, but it will take some time.
by
mex
-
Nginx Mailing List - English
Hi c0nw0nk,
mex here, initial creator of http://spike.nginx-goodies.com/rules/
and maintainer of Doxi-Rules https://bitbucket.org/lazy_dogtown/doxi-rules/overview
(this is where the rules live we create with spike :)
the doxi-rules in its current state are inspired by emerging threats rules,
and not by the CRS-System because:
- mod_security can hook into any phase of a request, while n
by
mex
-
Nginx Mailing List - English
How do you transfer metrics from nginx to your pfsense?
mayak Wrote:
-------------------------------------------------------
> We are blocking 2.2 million addresses, however, we do it at the
> firewall/router (pfsense pfBlocker).
>
> Ultra fast.
>
> HTH
>
> Mayak
>
> _______________________________________________
> nginx mailing list
>
by
mex
-
Nginx Mailing List - English
Hi Eric,
see my reply https://forum.nginx.org/read.php?2,270680,270757#msg-270757
we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
and export this stuff via /badass - location.
although it's not realtime we have a delay of 5 sec which is enough for us
cheers,
mex
Cox, Eric S Wrote:
--------------------------------------------------
by
mex
-
Nginx Mailing List - English
Lucas Rolff Wrote:
-------------------------------------------------------
> You could very well do a small ipset together with iptables, it's
> fast,
> and you don't have to reload for every subnet / ip you add.
we had the very same issue, 40k IPs to block daily and we came up
with ipset add / del which is fast as hell and has a built-in TTL
if you have a huge and dynamic set
by
mex
-
Nginx Mailing List - English
Hi Alex,
you can do it that way or use something like this
inside your server {} block:
allow IP1;
allow IP2;
allow IP3;
deny all;
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
by
mex
-
Nginx Mailing List - English
Hi Alex
this might be an inspiration for your task:
https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu
cheers,
mex
by
mex
-
Nginx Mailing List - English
for a nice and simple*) but yet powerful WAF-solution for nginx you
might want to try naxsi https://github.com/nbs-system/naxsi
*) simple in terms of: easy to setup, easy to maintain, easy to adjust
cheers,
mex
by
mex
-
Nginx Mailing List - English
Hello,
did you follow the atlassian-guide?
> https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
> https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html
usually when nginx says "502" you should trust this.
for debugging, try
curl -v http://JIRA_IP:JIRA_PORT/ from the server ngin
by
mex
-
Nginx Mailing List - English
hi list,
i have an nginx in front of apaches, and the apaches hold a list of locations
with basic-auth.
i cannot pass the auth-request from the upstream through nginx to
the user, when i access the urls through nginx i get 403 Forbidden,
while direct access sends the correct 401 Authorization Required
back.
is there a simple way to passthrough the auth-request without
doing nginx
by
mex
-
Nginx Mailing List - English
this one: https://www.nginx.com/blog/new-joomla-exploit-cve-2015-8562/
i'd suggest to change the ua-detection from "JDatabaseDriverMysql"
to a regex detecting the PHP-Object-Injection to cover additional
attack-vectors (like my gurus @ emergingthreats said:
"mitigation against the vuln, not the exploit you should create" :D
i also suggest to delete the "O:"
by
mex
-
Nginx Mailing List - English
hi daniel,
how did you install nginx, manually (self-compiled) or
through your distro's repo?
can you provide the nginx -V - output?
usually /etc/nginx/nginx.conf is the default-config, if not given;
nginx -V will tell what defaults are used in your config.
cheers,
mex
by
mex
-
Nginx Mailing List - English
> I could set up but the Machine A only access to one URL or Site at
> same time.
> How can I access to any URL at internet from Machine A?
>
nginx is a reverse-proxy, what you are looking for is a forward-proxy
and you could use apache or squid for this
for more information on differences reverse vs forward-proxy
read http://stackoverflow.com/questions/224664/difference
by
mex
-
Nginx Mailing List - English
hi,
is there a way to log access (ip, date, size of payload) within the stream-module?
i found error - log configurable for the stream only so far.
cheers,
mex
by
mex
-
Nginx Mailing List - English
if you ask for something like mod_cgi from the apache-world, there is nothing like
this; the following article might help to define requirements and find a solution:
> https://www.digitalocean.com/community/tutorials/a-comparison-of-web-servers-for-python-based-web-applications
Nitin Solanki Wrote:
-------------------------------------------------------
> Hi all, I am not using
by
mex
-
Nginx Mailing List - English
Ray Cote Wrote:
-------------------------------------------------------
> We use gUnicorn for our nginx/Django deployments.
> Lots of good guidance on the gUnicorn site:
> http://gunicorn-docs.readthedocs.org/en/latest/deploy.html
> nginx is their deployment of choice...
> -Ray
>
gunicorn (+nginx for static content, caching, ssl-offload and waf-features) is what we use
by
mex
-
Nginx Mailing List - English
Hello,
happily testing the stream{} - feature and loadbalancing-mechanism with nginx 1.9
and it works very smooth; looks like we can use nginx as http-lb as well as tcp-lb
in production very soon; thank you, nginx-team!
is there something like allow/deny planned for the stream {} - method?
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
atm we use a packetfilter, but ha
by
mex
-
Nginx Mailing List - English
thank you for your comment; i'll re-test with 1.8 and adjust the document accordingly.
i think the config-workaround is obsolete too.
cheers,
mex
by
mex
-
Nginx Mailing List - English
Hi,
nginx + libressl works without any issues; we have it running since
last summer and have seen no problems so far, but did not test
it with 1.8.x though
the following explains how to do it: https://8ack.de/guides/nginx-libressl-first-test
cheers,
mex
by
mex
-
Nginx Mailing List - English
if you have questions on naxsi, feel free to join the naxsi-discuss - ml
https://groups.google.com/forum/#!forum/naxsi-discuss
cheers,
mex
by
mex
-
Nginx Mailing List - English
hi cole,
if implementable you could use naxsi https://github.com/nbs-system/naxsi
for this, there exists a rule to detect and block shellshock-exploit-attempts:
MainRule "str:() {" "msg:Possible Remote code execution through Bash CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393 ;
see -> http://spike.nginx-goodies.com/rules/view/42000
by
mex
-
Nginx Mailing List - English
Hello,
what does naxsi have to do with it? you probably wanted to talk about nginx,
naxsi is a 3rd-party-module, extending nginx on WAF-features
for your problem you might want to check
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
cheers,
mex
by
mex
-
Nginx Mailing List - English
Hi Noah,
thanx for your guides; interesting read.
for everyone else:
there is a nagios-plugin to monitor the stub/status - outputs:
https://bitbucket.org/maresystem/dogtown-nagios-plugins/overview
beside monitoring it also extracts all data from the status page and returns
them as performance-data for graphing and as sources for warning/critical - notifications
Performancedata:
by
mex
-
Nginx Mailing List - English
Google dumps SPDY in favour of HTTP/2, any plans or roadmap for HTTP/2 in nginx?
see https://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html
"HTTP is the fundamental networking protocol that powers the web. The majority of sites use version 1.1 of HTTP, which was defined in 1999 with RFC2616. A lot has changed on the web since then, and a new version of the protocol
by
mex
-
Nginx Mailing List - English
you'll need a lot of packages from the SDK-DVDs. IIRC those are not
available as online-repos, but situation might have changed.
mex
by
mex
-
Nginx Mailing List - English
Hi,
> I tried ngx_lua but I might've been doing something wrong. It
> complained that I am not allowed to use "proxy_pass" following a
> content rewrite.
you should read the documentation carefully:
http://wiki.nginx.org/HttpLuaModule#content_by_lua
"Do not use this directive and other content handler directives in the same location.
For example, this di
by
mex
-
Nginx Mailing List - English