Re: limit-req and greedy UAs

2016-09-12 Thread li...@lazygranch.com
Seeing that nobody beat me to it, I did the download manager experiment. There are plugins for Chromium to do multiple connections, but I figured a stand-alone program was safer. (No use adding strange software to a reasonably secure browser.) My linux disty has prozilla in the repo. In true linux

Re: "502 Bad Gateway" on first request in a setup with Apache 2.4-servers as upstreams

2016-09-12 Thread maltris
The problem still seems to persist. I am now trying to investigate this myself. Any advice for debugging? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,268306,269498#msg-269498 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org

Websockets - recommended settings question

2016-09-12 Thread Cain
Hi, In the nginx documentation (https://www.nginx.com/blog/websocket-nginx), it is recommended to set the 'Connection' header to 'close' (if there is no upgrade header) - from my understanding, this disables keep alive from nginx to the upstream - is there a reason for this? Additionally, is keep

Re: Don't process requests containing folders

2016-09-12 Thread Grant
>> location ~ (^/[^/]*|.html)$ {} > > Yes, that should do what you describe. I realize now that I didn't define the requirement properly. I said: "match requests with a single / or ending in .html" but what I need is: "match requests with a single / *and* ending in .html, also match /". Will th

Re: limit-req and greedy UAs

2016-09-12 Thread lists
Most of the chatter on the interwebs believes that the rate limit is per connection, so if some IP opens up multiple connections, they get more bandwidth.  It shouldn't be that hard to just test this by installing a manager and seeing what happens. I will give this a try tonight, but hopefully

Re: Don't process requests containing folders

2016-09-12 Thread Francis Daly
On Mon, Sep 12, 2016 at 01:55:35PM -0700, Grant wrote: Hi there, > > If you want to match "requests with a second slash", do just that: > > > > location ~ ^/.*/ {} > > > > (the "^" is not necessary there, but I guess-without-testing that > > it helps.) > > When you say it helps, you mean for p

Re: limit-req and greedy UAs

2016-09-12 Thread Richard Stanway
limit_req works with multiple connections, it is usually configured per IP using $binary_remote_addr. See http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone - you can use variables to set the key to whatever you like. limit_req generally helps protect eg your backend again

Re: Don't process requests containing folders

2016-09-12 Thread Grant
>> My site doesn't have any folders in its URL structure so I'd like to >> have nginx process any request which includes a folder (cheap 404) >> instead of sending the request to my backend (expensive 404). > >> Currently I'm using a series of location blocks to check for a valid >> request. Here'

Re: Don't process requests containing folders

2016-09-12 Thread Francis Daly
On Mon, Sep 12, 2016 at 10:17:06AM -0700, Grant wrote: Hi there, > My site doesn't have any folders in its URL structure so I'd like to > have nginx process any request which includes a folder (cheap 404) > instead of sending the request to my backend (expensive 404). The location-matching rules

Re: limit-req and greedy UAs

2016-09-12 Thread Grant
> https://www.nginx.com/blog/tuning-nginx/ > > I have far more faith in this write up regarding tuning than the anti-ddos, > though both have similarities. > > My interpretation is the user bandwidth is connections times rate. But you > can't limit the connection to one because (again my interp

Re: Connecting Nginx to LDAP/Kerberos

2016-09-12 Thread Joshua Schaeffer
On Mon, Sep 12, 2016 at 1:37 PM, A. Schulze wrote: > > > Am 12.09.2016 um 21:33 schrieb Joshua Schaeffer: > >> Any chance anybody has played around with Kerberos auth? Currently my SSO >> environment uses GSSAPI for most authentication. >> > > I also compile the module https://github.com/stnoonan

Re: Connecting Nginx to LDAP/Kerberos

2016-09-12 Thread A. Schulze
Am 12.09.2016 um 21:33 schrieb Joshua Schaeffer: Any chance anybody has played around with Kerberos auth? Currently my SSO environment uses GSSAPI for most authentication. I also compile the module https://github.com/stnoonan/spnego-http-auth-nginx-module but I've no time to configure / lear

Re: Connecting Nginx to LDAP/Kerberos

2016-09-12 Thread Joshua Schaeffer
> > >> I'm using that one to authenticate my users. > > auth_ldap_cache_enabled on; > ldap_server my_ldap_server { > url ldaps://ldap.example.org/dc=users,dc=mybase?uid?sub; > binddn cn=nginx,dc=mybase; > binddn_passwd

Re: Connecting Nginx to LDAP/Kerberos

2016-09-12 Thread A. Schulze
Am 12.09.2016 um 21:04 schrieb Joshua Schaeffer: - https://github.com/kvspb/nginx-auth-ldap I'm using that one to authenticate my users. auth_ldap_cache_enabled on; ldap_server my_ldap_server { url ldaps://ldap.example.org/dc=users,dc=mybase?uid?sub;

Connecting Nginx to LDAP/Kerberos

2016-09-12 Thread Joshua Schaeffer
Greetings Nginx list, I've setup git-http-backend on a sandbox nginx server to host my git projects inside my network. I'm trying to get everything setup so that I can require auth to that server block using SSO, which I have setup and working with LDAP and Kerberos. I have all my accounts in Ker

Don't process requests containing folders

2016-09-12 Thread Grant
My site doesn't have any folders in its URL structure so I'd like to have nginx process any request which includes a folder (cheap 404) instead of sending the request to my backend (expensive 404). Currently I'm using a series of location blocks to check for a valid request. Here's the last one be

Re: nginx not returning updated headers from origin server on conditional GET

2016-09-12 Thread Maxim Dounin
Hello! On Sun, Sep 11, 2016 at 06:56:17AM -0400, jchannon wrote: > I have nginx and its cache working as expected apart from one minor issue. > When a request is made for the first time it hits the origin server, returns > a 200 and nginx caches that response. If I make another request I can see

Re: limit-req and greedy UAs

2016-09-12 Thread c0nw0nk
gariac Wrote: --- > This page has all the secret sauce, including how to limit the number > of connections. > > https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/ > > I set up the firewall with a higher number as

Re: limit-req and greedy UAs

2016-09-12 Thread lists
I picked 444 based on the following, though I see your point in that it is a non-standard code. I guess from a multiplier standpoint, returning nothing is as minimal as it gets, but the hacker often sends the message twice due to lack of response. A 304 return to an attempt to log into WordPres

Re: nginx not returning updated headers from origin server on conditional GET

2016-09-12 Thread B.R.
From what I understand, 304 answers should not try to modify headers, as the cache having made the conditional request to check the correctness of its entry will not necessarily update it: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5. The last sentence sums it all: '*If* a cac

Re: limit-req and greedy UAs

2016-09-12 Thread B.R.
You could also generate 304 responses for content you won't provide (cf. return). nginx is good at dealing with loads of requests, no problem on that side. And since return generates an in-memory answer by default, you won't be hammering your resources. If you are CPU or RAM-limited because of thos