Have you read over https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/?
On Sun, Aug 21, 2016 at 1:53 PM, Hamza Aboulfeth <h.aboulf...@genious.net> wrote:

> Hello everyone,
>
> I finally understand what's going on here...
>
> http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/10236/python-http-proxy-header-injection-vulnerability-cve20161000110
>
> I have been a victim of this attack, nginx is also affected, is there any
> patch for this new vulnerability?
>
> Thank you,
> Hamza
>
>
> Hamza Aboulfeth <h.aboulf...@genious.net>
> August 13, 2016 at 6:36 PM
> Hello,
>
> We have formatted the server and installed everything over again, a week
> later the same problem occurred. All redirects are actually sent from time
> to time to another host:
>
> [root@genious106 ~]# curl -IL -H "host: hespress.com" xx.xx.xx.xx
> HTTP/1.1 301 Moved Permanently
> Server: nginx/1.10.1
> Date: Sat, 13 Aug 2016 13:31:28 GMT
> Content-Type: text/html
> Content-Length: 185
> Connection: keep-alive
> Location: http://1755118211
> .com/
> dbg-redirect: nginx
>
> HTTP/1.1 302 Found
> Server: nginx/1.2.1
> Date: Sat, 13 Aug 2016 13:31:17 GMT
> Content-Type: text/html; charset=iso-8859-1
> Connection: keep-alive
> Set-Cookie:
> orgje=2PUrADQAAgABACUhr1f__yUhr1dAAAEAAAAlIa9XMgACAAEAJSGvV___JSGvVwA-;
> expires=Sun, 13-Aug-2017 13:31:17 GMT; path=/; domain=traffsell.com
> Location: http://triuch.com/6lo1I
>
> HTTP/1.1 200 OK
> Server: nginx
> Date: Sat, 13 Aug 2016 13:31:17 GMT
> Content-Type: text/html; charset=utf-8
> Connection: keep-alive
> Vary: Accept-Encoding
> Vary: Accept-Encoding
>
> [root@genious106 ~]#
>
> Even php redirect requests are rerouted.
>
> Please advise,
> Hamza
>
> Francis Daly <fran...@daoine.org>
> July 16, 2016 at 8:47 AM
> On Fri, Jul 15, 2016 at 10:58:07PM +0100, Hamza Aboulfeth wrote:
>
> Hi there,
>
>
> If that x.x.x.x is enough to make sure that this request gets to your
> nginx, then your nginx config is probably involved.
>
> If this only started yesterday, then changes since yesterday (or since
> your nginx was last restarted before yesterday) are probably most
> interesting.
>
> And as a very long shot: if you can "tcpdump" to see that nginx is sending
> one thing, but the client is receiving something else, then you'll want
> to look outside nginx at something else interfering with the traffic.
>
> Good luck with it,
>
> f
> Hamza Aboulfeth <h.aboulf...@genious.net>
> July 15, 2016 at 10:58 PM
> Hello,
>
> I have a weird problem that suddenly appeared on a client's website
> yesterday. We have a redirection from non www to www and sometimes the
> redirection sends somewhere else:
>
> [root@genious33 nginx-1.11.2]# curl -IL -H "host: hespress.com" x.x.x.x
> HTTP/1.1 301 Moved Permanently
> Server: nginx/1.11.2
> Date: Fri, 15 Jul 2016 21:54:06 GMT
> Content-Type: text/html
> Content-Length: 185
> Connection: keep-alive
> Location: http://1755118213
> .com/
> dbg-redirect: nginx
>
> HTTP/1.1 302 Found
> Server: nginx/1.2.1
> Date: Fri, 15 Jul 2016 21:52:37 GMT
> Content-Type: text/html; charset=iso-8859-1
> Connection: keep-alive
> Set-Cookie: orgje=JbgbADQAAgABACVbiVf__yVbiVdAAAEAAAAlW4lXAA--;
> expires=Sat, 15-Jul-2017 21:52:37 GMT; path=/; domain=traffsell.com
> Location: http://m.xxx.com/
>
> HTTP/1.1 200 OK
> Date: Fri, 15 Jul 2016 21:52:37 GMT
> Content-Type: text/html; charset=UTF-8
> Connection: keep-alive
> Set-Cookie: __cfduid=d5624eb7a789e21f082873681ec36a41b1468619557;
> expires=Sat, 15-Jul-17 21:52:37 GMT; path=/; domain=.hibapress.com;
> HttpOnly
> X-Powered-By: PHP/5.3.27
> X-LiteSpeed-Cache: hit
> Vary: Accept-Encoding
> X-Turbo-Charged-By: LiteSpeed
> Server: cloudflare-nginx
> CF-RAY: 2c307148667c3f77-YUL
>
> Sometimes it acts as it should, sometimes it redirects somewhere else
>
> If you have any clue about what's happening, do help me :)
>
> Thank you,
> Hamza
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
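The intermittent redirect in the quoted `curl -IL` output can be checked for automatically. The following Python script is an added example, not part of the thread or of nginx: it parses saved `curl -IL` output hop by hop and reports every 3xx `Location` whose host is outside an allowlist. The sample output and its hostnames are constructed placeholders, and `parse_hops` and `unexpected_redirects` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like the `curl -IL` output quoted in the thread
# (hostnames are placeholders, not values taken from the thread).
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.1
Location: http://unexpected.invalid/
dbg-redirect: nginx

HTTP/1.1 302 Found
Server: nginx/1.2.1
Set-Cookie: t=1; path=/; domain=tracker.invalid
Location: http://landing.invalid/abc

HTTP/1.1 200 OK
Server: nginx
"""

def parse_hops(raw):
    """Split `curl -IL` output into one dict per response (hop)."""
    hops = []
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [l for l in block.split("\n") if l.strip()]
        if not lines or not lines[0].startswith("HTTP/"):
            continue  # not a response header block
        hop = {"status": int(lines[0].split(None, 2)[1]), "headers": {}}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:  # keep the first value seen for each header name
                hop["headers"].setdefault(name.strip().lower(), value.strip())
        hops.append(hop)
    return hops

def unexpected_redirects(raw, allowed_hosts):
    """Return (hop index, status, Location) for redirects leaving allowed_hosts."""
    findings = []
    for i, hop in enumerate(parse_hops(raw)):
        loc = hop["headers"].get("location")
        if loc is None or not 300 <= hop["status"] < 400:
            continue
        host = (urlsplit(loc).hostname or "").lower()
        # A relative Location has no host and stays on the same site.
        if host and host not in allowed_hosts:
            findings.append((i, hop["status"], loc))
    return findings

if __name__ == "__main__":
    for finding in unexpected_redirects(SAMPLE, {"example.com", "www.example.com"}):
        print("unexpected redirect:", finding)
```

Because the thread reports that the bad redirect only appears some of the time, the check is most useful run repeatedly against fresh `curl -IL` captures, with each finding logged alongside the time it was seen.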