On Thu, Feb 15, 2024 at 1:59 AM Maxim Dounin wrote:
> Hello!
>
> As you probably know, F5 closed Moscow office in 2022, and I no
> longer work for F5 since then. Still, we’ve reached an agreement
> that I will maintain my role in nginx development as a volunteer.
> And for almost two years I
On Sun, Dec 11, 2022 at 8:03 AM Mik J via nginx wrote:
>
> Hello,
>
> My Nginx server sends syslogs to my remote syslog server with a host =
> myserver.mydomain.org
> However I would like that the host to be the IP a specific IP of the server
> (which exists)
>
> On my Nginx server
> server {
>
On Sun, Feb 13, 2022 at 10:45 AM Moshe Katz wrote:
>
> I can't speak for the nginx team, but as noted by "Severity: none", I assume
> they agree with many other vendors that this is not actually a vulnerability
> in nginx itself.
>
> For example, here is what the authors of Varnish said in
On Wed, Sep 29, 2021 at 9:42 PM Jeffrey 'jf' Lim wrote:
>
> On Wed, Sep 29, 2021 at 9:24 PM Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Wed, Sep 29, 2021 at 12:47:58PM +0800, Jeffrey 'jf' Lim wrote:
> >
> > > http://nginx.org/en/docs/http/ngx_http_
On Wed, Sep 29, 2021 at 9:24 PM Maxim Dounin wrote:
>
> Hello!
>
> On Wed, Sep 29, 2021 at 12:47:58PM +0800, Jeffrey 'jf' Lim wrote:
>
> > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
> > has a note about not needing 'ssl_trusted_certificate'
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
has a note about not needing 'ssl_trusted_certificate' if
ssl_certificate has intermediate certificates. I do not see a similar
note for ssl_stapling_verify
Does anybody know what will get logged (I assume in error_log) for the
case when send_timeout is exceeded?
-jf
--
He who settles on the idea of the intelligent man as a static entity
only shows himself to be a fool.
___
nginx mailing list
On Wed, Jan 13, 2021 at 2:04 PM sanjay wrote:
>
> Thanks for the update.
> I have already taken care to hide the "nginx".
>
> With CAPITAL letters, my testcase using "POSTSSS" for request_method, works
> fine.However, for mixed-case and small-case , nginx default rule applies and
> control
On Thu, Jul 30, 2020 at 8:06 PM Maxim Dounin wrote:
>
> Hello!
>
> On Tue, Jul 28, 2020 at 01:08:32PM +0800, Jeffrey 'jf' Lim wrote:
>
> > I am discovering that nginx is logging the bytes sent by a client - in
> > raw form - in my error.log for the following error:
I am discovering that nginx is logging the bytes sent by a client - in
raw form - in my error.log for the following error:
client sent invalid method while reading client request line, client:
NN.N.N.N, server: NAME, request: ",'�Cookie: mstshash=eltons"
Is there a way to get nginx to escape the
I've traditionally kept the 2 separate, but I'm wondering if it's ok
or if there are going to be any problems having the 2 directives write
to the same file. My sense is that it should be fine, but can anybody
who's more familiar - especially with the internals - comment? My file
path contains no
;
> Moshe
>
>
>
> On Mon, Jun 8, 2020 at 9:30 PM Jeffrey 'jf' Lim wrote:
>>
>> No problem, Moshe! Thank you so much for testing this out for me! This
>> does take care of the case of "not HTTP" being sent (which is what
>> 'curl -k https://localhos
othing site anyway), then you don't have to worry
> about it.
>
> Moshe
>
>
>
> On Mon, Jun 8, 2020 at 8:40 PM Jeffrey 'jf' Lim wrote:
>>
>> Thanks, Moshe. I've tried that, but I've found that if you send
>> anything that's invalid at the HTTP layer by ngi
; like you need BOTH that and the `return 444` in the location block.
>
> Moshe
>
>
>
> On Mon, Jun 8, 2020 at 4:35 PM Jeffrey 'jf' Lim wrote:
>>
>> I've been trying and scratching my head over this for some time now.
>> I've always set up a default server to retu
I've been trying and scratching my head over this for some time now.
I've always set up a default server to return 444, but I've not been
able to make it do the 444 *always*. If I get an invalid response,
nginx "skips" the 444 to return 400 instead. I'd rather nginx do the
444, and not return 400.
On Sat, Aug 24, 2019 at 9:32 PM Jeffrey 'jf' Lim wrote:
>
> On Sat, Aug 24, 2019 at 5:18 PM Nuno Gonçalves wrote:
> >
> > On Sat, Aug 24, 2019 at 8:24 AM Jeffrey 'jf' Lim
> > wrote:
> > >
> > > The host is defined by the server, surely, and not
On Sat, Aug 24, 2019 at 5:18 PM Nuno Gonçalves wrote:
>
> On Sat, Aug 24, 2019 at 8:24 AM Jeffrey 'jf' Lim wrote:
> >
> > The host is defined by the server, surely, and not by what the client tells
> > the server it is? And you tell the server what host it is by the
&
The host is defined by the server, surely, and not by what the client tells
the server it is? And you tell the server what host it is by the
server_name directive (
https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name).
-jf
On Sat, 24 Aug 2019, 01:39 Nuno Gonçalves, wrote:
> I
On Wed, Apr 10, 2019 at 2:21 PM allenhe wrote:
> Hi,
>
> My Nginx is configured with:
> proxy_next_upstream error timeout http_429 http_503;
>
> But I find it won't try the next available upstream server with the
> following error returned:
>
> 2019/04/05 20:11:41 [error] 85#85: *4903418 recv()
On Thu, Jan 25, 2018 at 8:22 PM, Roman Arutyunyan <a...@nginx.com> wrote:
> Hi Jeffrey,
>
> On Thu, Jan 25, 2018 at 05:41:50PM +0800, Jeffrey 'jf' Lim wrote:
>> This is more of a curiosity thing, I guess, than anything else, but...
>> how do you trigger an "proxy_ne
This is more of a curiosity thing, I guess, than anything else, but...
how do you trigger an "proxy_next_upstream invalid_header" when
testing?
I've tried basically sending random text from an upstream ('nc -l')...
but nginx holds on to the connection and ends up triggering a
"timeout" instead.
On Thu, Jul 18, 2013 at 5:06 PM, Kim Yong limkimy...@gmail.com wrote:
Hi I'd like to know if setting keepalive for a specific location is
possible. Right now I have only managed to get it working on server {}
directive but not location {} directive.
it seems possible according to the docs.
On Tue, Mar 19, 2013 at 10:43 PM, Peter Booth peter_bo...@s5a.com wrote:
The code does the following:
1. remove an HTTP header named SWSSLHDR
2. replaces it with SWSSLHDR: port, where the port is the local port of
the current context's TCP connection, presumably the port that your F5
virtual
23 matches
Mail list logo
