You could consider adding a CSP header to cause clients to automatically
fetch those resources over HTTPS:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
On Wed, 16 Oct 2024 at 00:06, Nikolaos Milas via nginx
wrote:
> On 16/10/2024 12
This is like reading a book, not understanding some words and then
complaining to the author to fix their spelling. Please don't rely on SAST
analysis without understanding the code. I would expect the vast majority
of these are false positives - provide evidence that these are real bugs if
you wan
Thanks for the patch! I've been running it for about an hour and
haven't seen the preallocated memory alert since, so it's looking good
here.
On Fri, 24 Mar 2023 at 03:07, Maxim Dounin wrote:
>
> Hello!
>
> On Thu, Mar 23, 2023 at 09:33:19PM +0100, Richard Stanway
ly relates to that error, I
> thought I’d ask in case you have still been seeing that error with newer
> Nginx versions that have come out since that patch was implemented.
>
>
> --
> Lance
>
> On Mar 22, 2023 at 5:28 PM -0500, Richard Stanway via nginx
> , wrote:
>
I regularly build with zlib-ng, unfortunately it requires patching the
zlib-ng files to enable zlib compatibility mode as nginx doesn't seem to
have a way to pass options to configure.
Edit "configure" in the zlib-ng directory and change the line compat=0 to
compat=1. Then specify --with-zlib=/pat
In the context of a mobile app, pinning usually means checking the public
key of the server in your app matches what is expected. There is nothing to
configure server-side. If you change the private key used by your SSL
certificate, then your app will break. Renewing an SSL certificate doesn't
usua
Hello,
I'm running into an issue where a proxied location with a regular
expression match does not correctly update the cache when using
proxy_cache_background_update. The update request to the backend seems
to be missing the captured parameters from the regex. I've created a
small test case that d
That IP resolves to rate-limited-proxy-72-14-199-18.google.com - this is
not the Google search crawler, hence why it ignores your robots.txt. No one
seems to know for sure what the rate-limited-proxy IPs are used for. They
could represent random Chrome users using the Google data saving feature,
he
This is almost certainly not Google as they obey robots.txt. The & to &
conversion is another sign of a poor quality crawler. Check the RDNS and
you will find it's probably some IP faking Google UA, I suggest blocking at
network level.
On Fri, Jun 8, 2018 at 1:57 AM shiz wrote:
> Hi,
>
> Recentl
You should check your upstream logs to see why it is closing connections or
crashing.
On Tue, May 15, 2018 at 6:22 PM Ricky Gutierrez
wrote:
> Any help?
>
> El lun., 14 may. 2018 20:02, Ricky Gutierrez
> escribió:
>
>> hello list, I have a reverse proxy with nginx front end and I have the
>> ba
Even though it shouldn't be reaching your limits, limit_req does delay in
1 second increments which sounds like it could be responsible for this. You
should see error log entries if this happens (severity warning). Have you
tried without the limit_req option? You can also use the nodelay option to
PHP-FPM is only for PHP. You'll want something like fcgiwrap for regular
CGI files.
See https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
On Fri, Apr 6, 2018 at 6:02 PM, Ralph Seichter
wrote:
> Hello list,
>
> I am fairly new to nginx and now have stumbled across an issue I c
> [alert] 11371#0: worker process 24870 exited on signal 9
This is almost certainly the cause of your problems - you need to figure
out why the nginx processes are crashing and resolve that. Most likely a
3rd party module is responsible.
On Fri, Feb 16, 2018 at 10:39 AM, Andrzej Walas wrote:
>
Only the server should be generating the tokens, if the client knows the
secret it can do whatever it wants.
On Wed, Jan 10, 2018 at 10:32 AM, anish10dec
wrote:
> Let me explain the complete implementation methodology and problem
> statement
>
> URL to be protected
> http://site.media.com/mediaf
Your ISP is blocking port 80, so you cannot get redirected to HTTPS.
http://www.dslreports.com/faq/11852
On Tue, Nov 28, 2017 at 6:17 PM, Jeff Dyke wrote:
> I think it is unfortunate that certbot does it this way, with an if
> statement, which i believe is evaluated in every request. I use some
You can use ct-submit, once built the binary can be copied and run on any
system without any dependencies.
https://github.com/grahamedgecombe/ct-submit
On Mon, Nov 27, 2017 at 10:21 PM, Ángel wrote:
> On 2017-11-26 at 14:17 +0100, A. Schulze wrote:
> > Hello,
> >
> > experiments with nginx-ct ¹
Look at
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort
or
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_client_abort
etc depending on what you're doing with the request.
On Thu, Oct 26, 2017 at 1:07 PM, Torppa Jarkko
wrote:
> I have
On Wed, Oct 11, 2017 at 4:14 PM, Valentin V. Bartenev
wrote:
>
> Websockets cannot work over HTTP/2.
>
>
So it appears, I guess I should have checked that! Upon closer examination,
all the 101 responses I was seeing in the access log were from HTTP/1.1
clients, the HTTP 2 requests never even got
Hello,
I have a location that proxies to a websocket server. Clients connect over
HTTPS (HTTP2, wss://). Sometimes clients generate the following alerts in
the error log when hitting the websocket location:
2017/10/11 21:03:23 [alert] 34381#34381: *1020125 epoll_ctl(1, 603) failed
(17: File exists
This is something you should fix on whatever application is setting the
cookie. It probably isn't nginx.
On Tue, Oct 10, 2017 at 10:04 AM, Johann Spies wrote:
> A security scan on our server showed :
>
> Vulnerability Detection Method
> Details: SSL/TLS:
> Missing `secure` Cookie Attribute
> OID
20 matches
Mail list logo
