Re: upstream hash consistent seems to depend on order of DNS entries (Maxim Dounin)

2020-02-03 Thread Robert Paprocki
> In my case, the number of hosts will change over time, and I can’t update the nginx config. So I thought it would make sense to use a hostname that resolves to many IPs. This would be a scalable solution In that case, it makes sense to use a templating tool to dynamically populate the content

Re: stress testing nginx server

2020-01-27 Thread Robert Paprocki
wrk is our go-to: https://github.com/wg/wrk Really any http load tester (ab, httperf, etc) should suffice > On Jan 27, 2020, at 4:41 PM, James Read wrote: > >  > Hi, > > does anyone know of a way to stress test a nginx server? For example an epoll > based web crawler that can make c10k con

Re: Valgrind reporting issue in connection->addr_text

2019-05-06 Thread Robert Paprocki
Hi, addr_text is of type 'ngx_str_t': http://lxr.nginx.org/source/src/core/ngx_connection.h#0148, which provides both the char pointer and the length. It's not correct to cast that value to a char pointer directly. On Mon, May 6, 2019 at 11:09 AM bhagavathula wrote: > Hi, > > When running Valgr

Re: I'm about to embark on creating 12000 vhosts

2019-02-11 Thread Robert Paprocki
FWIW, this kind of large installation is why solutions like OpenResty exist (providing for dynamic config/cert service/hostname registration without having to worry about the time/expense of re-parsing the Nginx config). On Mon, Feb 11, 2019 at 7:59 AM Richard Paul wrote: > Hi Ben, > > Thanks fo

Re: intermittent No module named context_processors when using nginx/uwsgi

2019-01-05 Thread Robert Paprocki
Given that the stack trace is from Python, it’s not an nginx configuration issue. Are you reverse proxying from nginx multiple uwsgi backgrounds that have different configuration? Sent from my iPhone > On Jan 5, 2019, at 13:01, Larry Martell wrote: > > I am having an odd intermittent django prob

Re: Securing the HTTPS private key

2018-11-14 Thread Robert Paprocki
Hi, You might want to consider something like OpenResty, which allows for serving certificates on the fly with Lua logic. You can use this to fetch cert/key material via Vault or some other secure data store that can be accessed via TCP (or you could also keep the encrypted private key on-disk

Re: Please DO NOT add [nginx] to subject

2018-10-15 Thread Robert Paprocki
I think this thread has run its course. Let's please move this discussion off this mailing list. On Mon, Oct 15, 2018 at 11:29 AM Stefan Müller wrote: > we tried our best anyone else trying not to burn one's fingers? > > On 15.10.2018 16:29, Ralph Seichter wrote: > > On 15.10.18 15:55, Lucas Rol

Re: changing secure_link_secret

2018-06-26 Thread Robert Paprocki
You could either write a custom nginx module to read your file/env variable and provide it as an nginx variable, or you could use Lua/OpenResty to read/write the secret value (the latter is safer but more expensive) Sent from my iPhone > On Jun 26, 2018, at 07:25, Danomi Czaski wrote: > > I w

Re: status/usage of FRiCKLE/ngx_cache_purge. still reliable? alternatives?

2018-06-06 Thread Robert Paprocki
Hi, > On Jun 6, 2018, at 16:18, PGNet Dev wrote: > >> On 6/6/18 4:09 PM, Robert Paprocki wrote: >> Nginx has no stable API/ABI. With every release you want to leverage you >> need to walk through your entire test/canary/B-G/whatever cycle. That's a >> quest

Re: status/usage of FRiCKLE/ngx_cache_purge. still reliable? alternatives?

2018-06-06 Thread Robert Paprocki
Hi, On Wed, Jun 6, 2018 at 3:42 PM, PGNet Dev wrote: > Hi > > My $0.02 coming from experience building out scalable WP clusters is, >> stick to Varnish here. >> > > Miscommunication on my part -- my aforementioned Varnish-in-front referred > to site dev in general. > > To date, it's been in fron

Re: status/usage of FRiCKLE/ngx_cache_purge. still reliable? alternatives?

2018-06-06 Thread Robert Paprocki
Hi, On Wed, Jun 6, 2018 at 3:05 PM, PGNet Dev wrote: > For some new WordPress sites, I'll be deploying fastcgi_cache as reverse > proxy / page cache, instead of usual Varnish. > > Although there are a number of WP-module-based PURGE options, I prefer > that it's handled by the web server. > > A

Re: ip address masking

2018-02-15 Thread Robert Paprocki
Hi, On Tue, Feb 13, 2018 at 5:46 PM, Tom wrote: > Hi, > > I'm wondering if anyone has successfully masked ip addresses in nginx > before they are written to a log file. > > I understand there are reasons why you would and would not do this. > > Anyway, my config so far, which I believe works for

Re: block google app

2017-06-20 Thread Robert Paprocki
MB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 > Safari/537.36" "-" > > I sanitize these a bit because I don't like this stuff showing up in > google searches, but the basic format is the same. I use a custom log > file format. > >

Re: block google app

2017-06-20 Thread Robert Paprocki
Do you mean $http_user_agent? > On Jun 20, 2017, at 17:36, "li...@lazygranch.com" > wrote: > > I would like to block the google app from directly downloading images. > > access.log: > > 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +] "GET /images/photo.jpg > HTTP/1.1" 334052 "-" "com.goo

Re: Quinceanera nevada

2017-06-13 Thread Robert Paprocki
This kinda reminds me of http://mailman.nginx.org/pipermail/nginx/2016-June/050919.html. That thread was all kinds of wonderful. On Tue, Jun 13, 2017 at 8:36 AM, Igal @ Lucee.org wrote: > On 6/13/2017 7:16 AM, Yadira Gallego wrote: > >> Hello my name is Yadira and I want to sign up my twins for

Re: upstream keepalive connections for all servers or each server?

2017-05-10 Thread Robert Paprocki
> > > It is the number of keepalive connections to be cached for the > whole upstream{} block, that is, all servers. > Can we clarify the behavior for upstreams with duplicate server directives? Consider the following upstream foo { server 1.2.3.4:80; server 5.6.7.8:80; keepalive 32; } upstr

Re: N00b - "set" directive is not allowed here

2017-04-25 Thread Robert Paprocki
Read the docs please :) http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set Set is allowed in server, location, and if blocks. Not http blocks. > On Apr 25, 2017, at 12:41, Joel Parker wrote: > > I have a set directive inside an http block which I thought was valid but > when I ru

Re: N00b - logging stream request / response

2017-04-25 Thread Robert Paprocki
d de-crypts the traffic with the appropriate keys, log the > de-crypted request / response then re-encrypt with different certs and send > to an upstream server. My thought was that a stream block would help me > accomplish this. > > Joel > > On Tue, Apr 25, 2017 at 1:4

Re: N00b - logging stream request / response

2017-04-25 Thread Robert Paprocki
; server { > // access log > } > } > } > > On Tue, Apr 25, 2017 at 1:38 PM, Robert Paprocki fearnothingproductions.net> wrote: > >> What you're doing doesn't quite make sense. You're trying to log HTTP >> data inside a stream block. Th

Re: N00b - logging stream request / response

2017-04-25 Thread Robert Paprocki
What you're doing doesn't quite make sense. You're trying to log HTTP data inside a stream block. That doesn't work. There's no such concept of $status, $http_referer, etc, inside a stream {} block. Have a read of the log_format docs: http://nginx.org/en/docs/http/ngx_http_log_module.html#log_form

Re: Config advice / wireshark

2017-04-21 Thread Robert Paprocki
ust need to set the > format somehow to be compatible with it. > > Joel Parker > > On Fri, Apr 21, 2017 at 10:21 AM, Robert Paprocki fearnothingproductions.net> wrote: > >> Unless wireshark has access to the private key (and PFC isn't enabled), >> you&#

Re: Config advice / wireshark

2017-04-21 Thread Robert Paprocki
Unless wireshark has access to the private key (and PFC isn't enabled), your best bet would be to log the data from nginx directly, rather than trying to examine the raw bytes on the wire. > On Apr 21, 2017, at 08:10, Joel Parker wrote: > > I currently have a config that allows me to termin

Re: Behavior between upstream hash and backup

2017-01-11 Thread Robert Paprocki
Hi, On Wed, Jan 11, 2017 at 1:27 PM, Jonathan Simowitz via nginx < nginx@nginx.org> wrote: > Hello, > > I would like to define an upstream block with a number of servers and > utilize the hash directive to choose a particular server dependent on the > request. There is a chance that the chosen se

Re: Naxsi Nginx High performance WAF

2016-12-23 Thread Robert Paprocki
Naxsi and ModSecurity are... very different. They have distinct (and largely incomparable) backgrounds, philosophies, goals, implementation details, and, most importantly for this context, vastly different DSLs that support their operations. A 1-1 translation of the OWASP CRS (particularly v3, j

Re: can't replicate/block portscanner

2016-12-09 Thread Robert Paprocki
Should be fairly easy to do with any command to write data over the wire (nc/netcat/echo into /dev/tcp): echo -en 'GET / HTTP/1.0' | nc 1.2.3.4 It should be worth noting that the Host header is not a required HTTP/1.0 header, so if your app requires the Host header (or derives some other variable

Re: Bloking Bad bots

2016-11-14 Thread Robert Paprocki
On Mon, Nov 14, 2016 at 8:51 AM, wrote: > I'd be shocked if the map function doesn't use a smart search scheme > rather than check every item. > You're in for a bit of a shock then. It is a linear search :p Curious as to what you think it should look like instead? Getting back to the original q

Re: AW: RE: slow https performance compared to http

2016-11-13 Thread Robert Paprocki
> Enabling keepalive on ab is one of the things you can do. I don't know > ab, so not sure if there is a better way. I also do not know if ab supports > SSL session caching or TLS tickets, which you would have to keep in > mind when benchmarking. ab does not support TLS tickets (you can verify th

Re: ssllabs A+ rating

2016-11-04 Thread Robert Paprocki
Hi, On Fri, Nov 4, 2016 at 3:57 PM, Alex Samad wrote: > Hi > > Agree on the blindly following. But it's good to know how to get there > I also try this > https://cryptoreport.websecurity.symantec.com/checker/ > > question > > tls/ssl compression is it worth it ? I have gzip setup, but I am guess

Re: ssllabs A+ rating

2016-11-04 Thread Robert Paprocki
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html is a pretty decent write-up. IME, you need to present an HSTS header, otherwise an A+ is never awarded even with the strictest cipher suite and largest keys and DH primes. To be frank though, achieving an A+ is not a very very worth

Re: Suspicious log records

2016-10-22 Thread Robert Paprocki
Looks like a shellshock attempt. Provided that you're running a modern version of bash there's nothing to be done. Well, you could drop requests from those IPs if you see fit. Welcome to the wild world of running a public server! > On Oct 22, 2016, at 03:19, janro wrote: > > Hi everyone.

Re: proxy_set_header Connection "";

2016-09-30 Thread Robert Paprocki
On Fri, Sep 30, 2016 at 9:24 AM, Grant wrote: > > By default the Connection header is passed to the origin. If a client > sends > > a request with Connection: close, Nginx would send this to the upstream, > > effectively disabling keepalive. By clearing this header, Nginx will not > > send it on

Re: proxy_set_header Connection "";

2016-09-30 Thread Robert Paprocki
By default the Connection header is passed to the origin. If a client sends a request with Connection: close, Nginx would send this to the upstream, effectively disabling keepalive. By clearing this header, Nginx will not send it on to the upstream source, leaving it to send its own Connection head

Re: nginx reverse proxy causing TCP queuing spikes

2016-09-28 Thread Robert Paprocki
> I do think this is related to 'proxy_read_timeout 60m;' leaving too > many connections open. Can I somehow allow pages to load for up to > 60m but not bog my server down with too many connections? Pardon me, but why on earth do you have an environment in which an HTTP request can take an hour

Re: performance hit in using too many if's

2016-09-26 Thread Robert Paprocki
On Mon, Sep 26, 2016 at 4:28 AM, Anoop Alias wrote: > Ok .. reiterating my original question. > > Is the usage of if / map in nginx config more efficient than say naxsi ( > or libmodsecurity ) for something like blocking SQL injection ? > Strictly speaking, and barring performance costs of th

Re: fake googlebots

2016-09-25 Thread Robert Paprocki
> That hacker was quite insistent. I got a 414 (large request) for the first > time. Perhaps a buffer overflow attempt. In 2016? I _strongly_ doubt it. ;)

Re: performance hit in using too many if's

2016-09-24 Thread Robert Paprocki
Pardon me, but this thread smells terribly of bikeshedding. Comparing ifs vs maps is useless when what you're trying to accomplish should never be done through an HTTP server config. It's security theater, and no, the low-hanging fruit argument does not apply here. Use a proper waf like libmodse

Re: add_header Set-Cookie The difference between Max-Age and Expires

2016-09-09 Thread Robert Paprocki
Actually no, ngx.time() is not expensive, it uses the cached value stored in the request so it doesn't need to make a syscall. > On Sep 9, 2016, at 06:33, itpp2012 wrote: > > Good, keep in mind that "ngx.time()" can be expensive, it would be advisable > to use a global var to store time and upd

Re: nginx a NIGHTMARE for me

2016-08-24 Thread Robert Paprocki
Sounds like you just want to complain without actually solving any problems. Why don't you start by pasting the output of nginx -V your FULL config file the requests you are sending to Nginx, and the behavior you expect to see And adjust your attitude so you can actually receive hel

Re: PUT files and HTTP::Tiny ( chunked transfert )

2016-08-06 Thread Robert Paprocki
What version of nginx are you running? This sounds similar to a bug (actually a CVE because it resulted in a segfault) that was patched in 1.10.1 stable branch, and modern 1.11 versions as well. > On Aug 6, 2016, at 10:36, sven falempin wrote: > > Dear Nginx List Readers, > > I am trying to

Re: session persistance with IP hash

2016-07-28 Thread Robert Paprocki
Hello, On Thu, Jul 28, 2016 at 7:32 AM, Brian Pugh wrote: > Yesterday once I got the traffic going to the backend servers from nginx I > noticed that I was pinned to "backend3", which is last in the order. And > since I am the one setting this up I am the only user. So I changed up my > order ju

Re: session persistance with IP hash

2016-07-27 Thread Robert Paprocki
> > > I'm not as concerned with what server its routed to as much as I am > concerned with the client session "sticking" to the server it was routed > to. And I really do not know enough about how to use cookie based hashing. > In order to have cookie based hashing would the cookie need to be comm

Re: session persistance with IP hash

2016-07-27 Thread Robert Paprocki
Hello, On Wed, Jul 27, 2016 at 1:21 PM, Brian Pugh wrote: > Running nginx free version 1.10.1-1.el6.ngx.x86_64 on RHEL 6.7. In my conf > I am using > > http { > upstream backend { > # Use ip hash for session persistance > *ip_hash;* > server backend1:80; > ser

Re: error log truncates important infos

2016-06-15 Thread Robert Paprocki
If you're allowing user-generated output to be written directly to your logs without any sort of sanitation, you've got bigger problems to worry about :p Again, it doesn't really make sense to have your fcgi error sent here- why can't your fcgi process log elsewhere, and leaving the nginx error lo

Re: error log truncates important infos

2016-06-14 Thread Robert Paprocki
Error logs have a hard coded length limit of 2048 bytes iirc, to prevent runaway log entries. You might be better off configuring your app to dump stack traces instead of relying on a proxy. > On Jun 14, 2016, at 07:44, philipp wrote: > > We have error logs like this: > > 2016/06/14 12:47:45

Re: Configuring Nginx OS to perform advanced web proxy function

2016-06-06 Thread Robert Paprocki
> On Jun 6, 2016, at 06:46, Kevin Buchs > wrote: > > Hello, > > I am certainly a newbie at Nginx. We have a need to implement a web proxy > which performs the following functions: ... > I am told by Nginx support this can be readily done with Nginx. If anyone can > provide pointers, sugges

Re: Okay?

2016-06-03 Thread Robert Paprocki
You sent an email to a public mailing list. Public mailing lists are archived for... public use. What did you expect was going to happen? Continuing to berate this list will accomplish nothing. May I also point you to: https://en.wikipedia.org/wiki/Streisand_effect On Fri, Jun 3, 2016 at 11:27 AM,

Re: Okay?

2016-06-03 Thread Robert Paprocki
Dare I say, it's time for some moderation on this list? On Fri, Jun 3, 2016 at 11:26 AM, Thaís Dauto wrote: > I will not give my location , for whom I do not even know ! > > > > > > -- > *De:* nginx em nome de r...@onvaoo.com < > r...@onvaoo.com> > *Enviado:* sexta-f

Re: Problem

2016-06-02 Thread Robert Paprocki
link I sent. > > > > > > From: nginx on behalf of Robert Paprocki > > Sent: Friday, June 3, 2016 00:21 > To: nginx@nginx.org > Subject: Re: Problem > > Oh man you guys. Immediately. Next to his lawyer. > > On Jun 2,

Re: Problem

2016-06-02 Thread Robert Paprocki
Oh man you guys. Immediately. Next to his lawyer. > On Jun 2, 2016, at 20:07, Thaís Dauto wrote: > > Immediately > > > > > From: nginx on behalf of Thaís Dauto > > Sent: Friday, June 3, 2016 00:04 > To: nginx@nginx.org > Subject: Problem > > I know that you are the hos

Re: checking headers

2016-05-30 Thread Robert Paprocki
On Sat, May 28, 2016 at 12:48 PM, Larry Martell wrote: > Is there any way with nginx to check a request's headers and send back > a 401 if the headers are not proper? > Yes, you can do with this via the 'map' and 'if' directives. A trivial example: http { # if the "X-Foo" request heade

Re: limit_req_zone

2016-05-11 Thread Robert Paprocki
This module is built by default, and does not need to be explicitly enabled. Thus you will not see it as part of the configure options. On Wed, May 11, 2016 at 2:12 PM, tom.b wrote: > Greetings fellow nginx users, > > Is the limit_req_zone module included in the core version ? It doesn't > show

Re: Rewrite before regex location

2016-05-06 Thread Robert Paprocki
See http://nginx.org/en/docs/http/ngx_http_core_module.html#location: 'The “@” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection. They cannot be nested, and cannot contain nested locations.' On Fri, May 6, 2016

Re: Question about reverse proxies and WAFs

2016-04-25 Thread Robert Paprocki
> > There are also several WAFs built upon Openresty (nginx + luajit at > openresty.com) however I haven't set any of them up yet so I can't > comment on their production readiness. > Speaking as the author of one of these (lua-resty-waf, https://github.com/p0pr0ck5/lua-resty-waf), I can tell you

Re: Question about reverse proxies and WAFs

2016-04-24 Thread Robert Paprocki
With respect to ModSecurity and the CRS, the current nginx implementation of ModSecurity is still pretty buggy and likely won't get any attention. It's known to cause segfaults and server-side errors during requests. You'd be better off looking at the libmodsec v3 integration, which is still in

Re: Sending nginx errors to syslog but fuser -u still shows error file open by nginx

2016-04-20 Thread Robert Paprocki
Have you done a full restart (not a reload)? I would imagine the master process needs to flush everything out. > On Apr 20, 2016, at 06:24, CJ Ess wrote: > > I've tried putting this directive into the nginx config file in both the main > and html sections: > > error_log syslog:server=127.0.0

Re: Nginx with Varnish as a proxy. Phantom Port 80

2016-03-31 Thread Robert Paprocki
I'm sure the mailing list would be happy to help if you would provide your config files so that debugging doesn't involve reading your mind :) On Thu, Mar 31, 2016 at 9:42 PM, plutocrat wrote: > Robert Paprocki Wrote: > --- >

Re: Nginx with Varnish as a proxy. Phantom Port 80

2016-03-31 Thread Robert Paprocki
Without showing your nginx config it's unlikely that anyone will be able to troubleshoot. Likely there is a stray listen directive that's causing this. On Thu, Mar 31, 2016 at 9:29 PM, plutocrat wrote: > Hi, > > I'm having an odd problem here. I'm trying to set up nginx with a varnish > proxy in

Re: NGINX reload memory leak

2016-03-08 Thread Robert Paprocki
This may be more appropriate for the nginx-devel list. Additionally, when you post there you'll probably want to include your module's source so people can actually assist in debugging. > On Mar 8, 2016, at 05:01, ben5192 wrote: > > Hi, > I am working on a module for NGINX and am having a prob

Re: secure and httponly cookies

2016-03-07 Thread Robert Paprocki
There's a relevant resty library as well - https://github.com/cloudflare/lua-resty-cookie > On Mar 7, 2016, at 12:31, Aapo Talvensaari wrote: > >> On 7 March 2016 at 22:15, kris...@brocade.com >> wrote: >> Could you tell me more about LUA or some links where i can read about it? > > Here you

Re: nginx ssl performance

2016-03-03 Thread Robert Paprocki
ApacheBench doesn't do TLS resumption, so you're forcing a new TLS handshake with each request. This will kill your performance. ab is a pretty weak tool ;) On Thu, Mar 3, 2016 at 7:55 AM, huakaibird wrote: > Hi, > > I want to test the nginx server performance with different server > configurati

Re: proxy_pass not seen as SNI-client according to Apache directive

2016-02-14 Thread Robert Paprocki
> On Feb 14, 2016, at 12:58, Maxim Dounin wrote: > > Hello! > >> On Sun, Feb 14, 2016 at 08:14:20PM +0100, Lucas Rolff wrote: >> >> I'm having a rather odd behavior - I use nginx as a reverse proxy (basically >> as a CDN) - where if the file isn't in cache, I do use proxy_pass to the >> origi

Re: Prevent reverse proxy from sending range headers to source server

2016-02-04 Thread Robert Paprocki
From the docs ( http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header): If the value of a header field is an empty string then this field will not be passed to a proxied server: proxy_set_header Range ""; proxy_ignore_header is meant to handle response headers, not request

Re: Nginx Slow download over 1Gbps load !!

2016-01-31 Thread Robert Paprocki
Sounds like at this point this discussion needs to be moved off the nginx mailing list. > On Jan 31, 2016, at 10:48, shahzaib shahzaib wrote: > > The server is using ports 18 and 19 and those port are configured with speed > 1000 > > > > LH26876_SW2#sh run int g 0/18 > > ! > > interface

Re: nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

2016-01-22 Thread Robert Paprocki
The modsec devel team is working hard on the new libmodsecurity. You may just be better off waiting for them to put the finishing touches on that project. Nginx + modsec 2.9 likely will get no dev attention moving forward, given that the whole system is being revamped now. Sent from my iPhone

Re: nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

2016-01-19 Thread Robert Paprocki
ModSecurity isn't a sub-process, it's compiled into the nginx binary and runs as part of the worker process(es). Nginx doesn't have a concept of spawning children in the manner you're referencing, so there's nothing to be monitored wrt. resource consumption. Any resource monitoring would be done by

Re: How to setup Nginx as REALLY static-cache reverse proxy

2016-01-05 Thread Robert Paprocki
Can you show us your config, debug logs, or any info that would help troubleshoot the issue? See https://www.nginx.com/resources/wiki/start/topics/tutorials/debugging/ for help on setting up debug logging. On Tue, Jan 5, 2016 at 9:55 PM, austevo wrote: > I'm having the same issue with cache bein

Re: 403's on localhost workstation multiple vhosts

2015-10-30 Thread Robert Paprocki
http://man7.org/linux/man-pages/man3/getgrnam.3.html getgrnam() is a system call to try to get the group name provided. Did you create the 'rich' group, or configure nginx to use an appropriate group? On Fri, Oct 30, 2015 at 2:55 PM, Viaduct Lists < li...@viaduct-productions.com> wrote: > Just f

Re: 301 executes before authentication

2015-10-05 Thread Robert Paprocki
Rewrites will execute before authentication module handlers run; this is a function of how Nginx is designed, and this order isn't configurable. See http://forum.nginx.org/read.php?2,41891,43112#msg-43112 and http://www.nginxguts.com/2011/01/phases/. On Mon, Oct 5, 2015 at 12:42 PM, Richard Stanwa

Re: Anyone know how the least_conn upstream option works in nginx plus?

2015-10-01 Thread Robert Paprocki
Is there any reason to indicate that the weighting used in nginx plus is not the same as used in the OSS version? If so, could you not just look at the module to examine how the weighting is determined? On Thu, Oct 1, 2015 at 5:35 PM, highclass99 wrote: > Hello, > > Anyone know how the least_con

Re: Zeroconf for proxy to upstream servers

2015-08-09 Thread Robert Paprocki
You could also look at lua-resty-upstream-healthcheck ( https://github.com/openresty/lua-resty-upstream-healthcheck) as an alternative. It's not native Nginx per se, but it's integrated with OpenResty. On Sun, Aug 9, 2015 at 3:12 AM, Aleksandar Lazic wrote: > Hi Michael > > Am 07-08-2015 20:30,

Re: ssl_dhparam compatibility issues?

2015-05-23 Thread Robert Paprocki
You're entirely misunderstanding logjam. The actual logjam attack refers to a flaw in the tls protocol that would allow mitm attackers to downgrade a connection to an export cipher. This is only possible if your server supports export-grade ciphers, which it should not if you're following mozi

Re: 1.9 stream not working? 'directive is not allowed here'

2015-04-28 Thread Robert Paprocki
It needs to be at the -same- level as the http {} block, not -within- the http {} block. worker_processes 4; events { worker_connections 8192; } http { include mime.types; default_type application/octet-stream; } stream { upstream stream_backend { server 192.168

Re: disable file uploads

2015-03-23 Thread Robert Paprocki
Sounds like you either have a vulnerable web application or hole in your system's security. If the root of your problem is that you're having content uploaded to your server without your consent, you're asking the wrong question. If your app does allow for arbitrary file upload, you can disallow c

Re: [nginx] hello world module build trouble

2014-12-12 Thread Robert Paprocki
Yep, I didn't realize the _module suffix was required. It built successfully, thank you! On 12/11/2014 11:12 PM, cubicdaiya wrote: > Hello. > > Why don't you apply a difference below? > > --- config.orig 2014-12-12 16:10:06.0 +0900 > +++ config 2014-12-12 16:06:19.0 +0900 >

[nginx] hello world module build trouble

2014-12-11 Thread Robert Paprocki
Hello, I am trying to build a simple nginx module to learn more about nginx's internals. I have copied several hello world examples into my own module: http://pastebin.com/esHFtaMw And the config file: http://pastebin.com/t1fpEPe6 I've downloaded nginx 1.7.8 onto a vanilla Ubuntu 14.04 install.

Re: Proxy Cache-Setting

2014-12-06 Thread Robert Paprocki
Hi, You probably want to look into the proxy_cache_bypass and proxy_no_cache directives: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_no_cache On 12/06/2014 03:49 PM, MasterTH wrote: > Hi, > > i got a

Re: NGINX using 100% of the server CPU when testing with Blitz.io

2014-11-26 Thread Robert Paprocki
Hi, Can you provide the mailing list with the output of 'nginx -V' and a debug log when a worker process is pegged at 100%. See http://nginx.org/en/docs/debugging_log.html for info on debug logs. I also wonder why your supplied config has the following: limit_req_zone $binary_remote_addr zone=on

Re: How to extract multiple values of a header for logging

2014-11-20 Thread Robert Paprocki
This is possible if you are able to use the Lua module: http://wiki.nginx.org/HttpLuaModule#ngx.req.get_headers "For multiple instances of request headers ... the value of ngx.req.get_headers()["Foo"] will be a Lua (array) table..." On 11/20/2014 05:19 PM, keeyong wrote: > Thanks Maxim for

Re: invalidate a certain key in my cache

2014-10-31 Thread Robert Paprocki
You'll want to use http://labs.frickle.com/nginx_ngx_cache_purge/ On 10/31/2014 03:43 AM, Roland RoLaNd wrote: > I have nginx setup as a caching proxy, which caches redirect responses from > backend servers. > > I want a way to invalidate a certain redirect/key from my cache. > > i usually go i

[nginx] list proxy_cache keys

2014-09-30 Thread Robert Paprocki
Hello! Is there a quick way to easily list all the keys stored in a proxy_cache memory zone? I would like to be able to list all cache elements without implementing a custom tracking solution. I looked through the source of both the proxy_cache facet, and FRiCKLE's purge module, but my C isn't strong en

Re: Multiple nginx instances share same proxy cache storage

2014-08-10 Thread Robert Paprocki
Any options then to support an architecture with multiple nginx nodes sharing or distributing a proxy cache between them? i.e., a HAProxy machine load balances to several nginx nodes (for failover reasons), and each of these nodes handles http proxy + proxy cache for a remote origin? If nginx ha

Re: [nginx] Is proxy_cache_valid required?

2014-07-25 Thread Robert Paprocki
Thanks, this was indeed the problem- I should have checked that first. Thank you as always Maxim! :D On 07/25/2014 09:49 AM, Maxim Dounin wrote: > Hello! > > On Fri, Jul 25, 2014 at 09:30:04AM -0700, Robert Paprocki wrote: > >> Hello! >> >> I had trouble this mo

[nginx] Is proxy_cache_valid required?

2014-07-25 Thread Robert Paprocki
Hello! I had trouble this morning setting up a basic cache with a proxy. Based on the proxy documentation and http://nginx.com/resources/admin-guide/caching/, I did not expect to have to set proxy_cache_valid; however, when this directive was not set anywhere, I saw no cache files written. My con

Re: nginx reload, stop error

2014-07-18 Thread Robert Paprocki
Where have you configured your pid file? Are you using a custom build, or a distributed package? On 07/18/2014 03:32 PM, Matthew Ngaha wrote: > Hey, when I run './nginx -s reload' or './nginx -s stop' i get this: > > nginx: [error] open() "/usr/local/nginx-1.4.3/logs/nginx.pid" failed > (2

Re: limit_conn_zone applied to Proxy_Pass (outgoing requests)

2014-07-04 Thread Robert Paprocki
Any reason this needs to be applied specifically to /outgoing/ connections? Is the default behavior applied to the proxy not sufficient? On 7/3/2014 20:51, aflexzor wrote: Hello! I have an nginx reverse proxy it has a series of filters against DDoS attacks. As a last resort I need to make s

Re: proxy_pass_header not working in 1.6.0

2014-07-01 Thread Robert Paprocki
You need to examine traffic over the wire between the proxy and the origin as you send a request from an outside client to the proxy. This will allow you to see if the origin is even returning the expected headers to the proxy, or if the proxy is seeing a different response than a direct client is.

Re: proxy_pass_header not working in 1.6.0

2014-07-01 Thread Robert Paprocki
Can we move past passive aggressive posting to a public mailing list and actually try to accomplish something? The nginx docs indicate the following about proxy_pass_header "Permits passing otherwise disabled header fields from a proxied server to a client." 'otherwise disabled header fields' ar

Re: Parse JSON POST request into nginx variable

2014-06-14 Thread Robert Paprocki
There is a form input module you can use to parse POST body into a variable: https://github.com/calio/form-input-nginx-module However this will not get JSON data. For this you may want to look into leveraging the nginx Lua module in conjunction with the Lua cjson module: http://wiki.nginx.org/Ht

Re: nginx Segmentation fault

2014-06-04 Thread Robert Paprocki
Can you post a full core dump? Did you verify the mod_security tarball you downloaded? Can you detail the steps taken to build that module? What version of nginx are you trying to build? On 6/4/2014 06:27, Kurt Cancemi wrote: Hello, this is unrelated to nginx and has to do with mod_security. The

Re: OT / Re: nginx segfaulting with mod_security

2014-04-14 Thread Robert Paprocki
y been somewhat implemented). Naxsi doesn't seem to offer the extensive logging and detailed features like state tracking that mod_sec does, so I have been wary to research further into it. But thanks for the suggestion! Sincerely, Robert Paprocki On 04/14/2014 03:24 PM, mex wrote: > hi rob

Re: nginx segfaulting with mod_security

2014-04-14 Thread Robert Paprocki
hem. Thank you for your time and patience in answering my questions! Sincerely, Robert Paprocki On 04/14/2014 03:44 AM, Maxim Dounin wrote: > Hello! > > On Sun, Apr 13, 2014 at 08:42:04PM -0700, Robert Paprocki wrote: > >> Hi Maxim! >> >> Thank you for your response

Re: nginx segfaulting with mod_security

2014-04-13 Thread Robert Paprocki
wrote: > Hello! > > On Sat, Apr 12, 2014 at 04:44:28PM -0700, Robert Paprocki wrote: > >> Hello, >> >> I have compiled nginx-1.5.13 with modsecurity-2.7.7 and am seeing >> occasional segfaults when sending requests to the server. mod_security >> w

nginx segfaulting with mod_security

2014-04-12 Thread Robert Paprocki
Hello, I have compiled nginx-1.5.13 with modsecurity-2.7.7 and am seeing occasional segfaults when sending requests to the server. mod_security was compiled as a standalone module per the instructions made available at https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_fo