Hi. Am 09.07.2019 um 20:40 schrieb Lemons, Terry: > Hi > > Our product uses nginx to front-end inbound web access. To enhance our > product’s > security posture, we have been examining the rules in the DISA Web Server > Security Requirements Guide > <https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Web_Server_V2R3_SRG.zip>. > One of the rules > (https://www.stigviewer.com/stig/web_server_security_requirements_guide/2014-11-17/finding/V-41807) > states, “The web server must generate unique session identifiers that cannot > be > reliably reproduced.” I searched the nginx documentation, but wasn’t able to > confirm that unique session identifiers are used. > > Are they?
Myabe you can use the variable `request_id`. https://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_id In the following blog posts can you find a example how it can be used. https://www.nginx.com/blog/application-tracing-nginx-plus/ => Tracing Requests End‑to‑End > Thanks > > tl Hth Aleks > *Terry Lemons* > > * * > > DellEMC_Logo_Hz_Blue_rgb_10percent > > Data Protection Division > > > > 176 South Street, MS 2/B-34 > Hopkinton MA 01748 > terry.lem...@dell.com <mailto:terry.lem...@dell.com> > > > > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
