Problems with custom log file format

2016-08-21 Thread li...@lazygranch.com
Nginx 1.10.1,2 FreeBSD 10.2-RELEASE-p18 #0: Sat May 28 08:53:43 UTC 2016 I'm using the "map" module to detect obvious hacking by detecting keywords. (Yes, I know about Naxsi.) Finding the really dumb hacks is easy. I give them a 444 return code with the idea being I can run a script on the log

Re: limit_except ignored

2016-08-21 Thread Maxim Khitrov
On Sun, Aug 21, 2016 at 1:43 PM, Maxim Khitrov wrote: > Hi, > > I'm running nginx v1.9.10 on OpenBSD with the following server definition: > > server { > listen 80; > server_name example.com; > location / { > deny all; > limit_except POST { > allow all; >

limit_except ignored

2016-08-21 Thread Maxim Khitrov
Hi, I'm running nginx v1.9.10 on OpenBSD with the following server definition: server { listen 80; server_name example.com; location / { deny all; limit_except POST { allow all; proxy_pass http://10.1.2.3; } proxy_set_header Host

open cart control panel keeps redirecting asking for password

2016-08-21 Thread HuMaN-BiEnG
hello there i have nginx newly installed as reverse proxy infront of apache but i found a strange problem when i try to login to open cart control panel it keeps redirecting me to control panel without enabling me to login the authentication informations that i used are correct & after i have disab

Re: upstream status

2016-08-21 Thread B.R.
As per the docs , it is said this variable contains all the status codes returned by each upstream interrogated. >From what I understood, server1 returned 504, server2 returned 502. Those statuses are included in what

Re: No HTTPS on nginx.org by default

2016-08-21 Thread B.R.
It is surprising, since I remember Ilya Grigorik made a talk about TLS during the first ever nginx conf in 2014: https://www.youtube.com/watch?v=iHxD-G0YjiU https://istlsfastyet.com/ Thus, there is no reason for not going full-HTTPS in delivering Web pages. --- *B. R.* On Fri, Aug 19, 2016 at 9:2

Re: Weird problem with redirects

2016-08-21 Thread Andrei
Have you read over https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/? On Sun, Aug 21, 2016 at 1:53 PM, Hamza Aboulfeth wrote: > Hello everyone, > > I finally understand what's going on here... > > http://www.trendmicro.com/vinfo/us/threat-encyclopedia/ > vulnerability/1

Re: Weird problem with redirects

2016-08-21 Thread Hamza Aboulfeth
Hello everyone, I finally understand what's going on here... http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110 I have been a victim of this attack, nginx is also affected, is there any patch for this new v