Re: [PATCH 2 of 2] The "sort=" parameter of the "resolver" directive

2022-06-28 Thread Antoine Bonavita
Hello,

Maybe the description/title of the patch should reflect latest code
changes: "sort=" => "prefer=".

A.

On Tue, Jun 28, 2022 at 6:25 PM Sergey Kandaurov wrote:

> # HG changeset patch
> # User Ruslan Ermilov 
> # Date 1645589387 -10800
> #  Wed Feb 23 07:09:47 2022 +0300
> # Node ID e80adbf788f6796c6bdf415938abb19b7aa43e3e
> # Parent  04e314eb6b4d20a48c5d7bab0609e1b03b51b406
> The "sort=" parameter of the "resolver" directive.
>
> diff -r 04e314eb6b4d -r e80adbf788f6 src/core/ngx_resolver.c
> --- a/src/core/ngx_resolver.c   Wed Feb 23 07:08:37 2022 +0300
> +++ b/src/core/ngx_resolver.c   Wed Feb 23 07:09:47 2022 +0300
> @@ -227,6 +227,7 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_
>  }
>
>  #if (NGX_HAVE_INET6)
> +
>  if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
>
>  if (ngx_strcmp(&names[i].data[5], "on") == 0) {
> @@ -260,6 +261,24 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_
>
>  continue;
>  }
> +
> +if (ngx_strncmp(names[i].data, "prefer=", 7) == 0) {
> +
> +if (ngx_strcmp(&names[i].data[7], "ipv4") == 0) {
> +r->prefer = NGX_RESOLVE_PREFER_A;
> +
> +} else if (ngx_strcmp(&names[i].data[7], "ipv6") == 0) {
> +r->prefer = NGX_RESOLVE_PREFER_;
> +
> +} else {
> +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +   "invalid parameter: %V", &names[i]);
> +return NULL;
> +}
> +
> +continue;
> +}
> +
>  #endif
>
>  ngx_memzero(&u, sizeof(ngx_url_t));
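
Review bot: the `prefer=` branch is placed before `#endif`, inside `#if (NGX_HAVE_INET6)`, so a build without IPv6 does not recognise the parameter and continues to the `ngx_url_t` handling that follows, instead of reaching the "invalid parameter: %V" error used here. Consider recognising `prefer=` outside the conditional, or rejecting it there with the same message, so both builds report the parameter consistently. The changeset summary also still reads `sort=` while the code parses `prefer=`.
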
> @@ -4250,7 +4269,27 @@ ngx_resolver_export(ngx_resolver_t *r, n
>  }
>
>  i = 0;
> -d = rotate ? ngx_random() % n : 0;
> +
> +switch (r->prefer) {
> +
> +#if (NGX_HAVE_INET6)
> +case NGX_RESOLVE_PREFER_A:
> +d = 0;
> +break;
> +
> +case NGX_RESOLVE_PREFER_:
> +d = rn->naddrs6;
> +
> +if (d == n) {
> +d = 0;
> +}
> +
> +break;
> +#endif
> +
> +default:
> +d = rotate ? ngx_random() % n : 0;
> +}
>
>  if (rn->naddrs) {
>  j = rotate ? ngx_random() % rn->naddrs : 0;
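
Review bot: in the `switch (r->prefer)` block both preference cases assign `d` without consulting `rotate`, so the random starting offset from the removed line now applies only in `default:`; the commit message should say whether that is intended. The `d = rn->naddrs6` assignment and its `if (d == n)` reset also deserve a one-line comment stating what `d` indexes and which situation the reset covers.
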
> diff -r 04e314eb6b4d -r e80adbf788f6 src/core/ngx_resolver.h
> --- a/src/core/ngx_resolver.h   Wed Feb 23 07:08:37 2022 +0300
> +++ b/src/core/ngx_resolver.h   Wed Feb 23 07:09:47 2022 +0300
> @@ -36,6 +36,9 @@
>
>  #define NGX_RESOLVER_MAX_RECURSION50
>
> +#define NGX_RESOLVE_PREFER_A  1
> +#define NGX_RESOLVE_PREFER_   2
> +
>
>  typedef struct ngx_resolver_s  ngx_resolver_t;
>
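
Review bot: the two new `NGX_RESOLVE_PREFER_*` constants start at 1 and leave 0 as an unnamed "no preference" value, which the `default:` branch of the new switch in ngx_resolver_export() depends on; a short comment next to the defines would document that. The second constant's name, as shown, ends in a trailing underscore and does not say which record type it selects.
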
> @@ -175,6 +178,8 @@ struct ngx_resolver_s {
>  ngx_queue_t   srv_expire_queue;
>  ngx_queue_t   addr_expire_queue;
>
> +unsigned  prefer:2;
> +
>  unsigned  ipv4:1;
>
>  #if (NGX_HAVE_INET6)
>
> ___
> nginx-devel mailing list -- nginx-devel@nginx.org
> To unsubscribe send an email to nginx-devel-le...@nginx.org
>


Re: [PATCH] http option for server identification removal

2023-10-19 Thread Antoine Bonavita
Teo,

You might want to have a look at: https://trac.nginx.org/nginx/ticket/936

If my understanding is correct, this feature is already offered as part of
Nginx Plus.

Hope this helps,

A.

On Thu, Oct 19, 2023 at 3:16 PM Teo Tyrov wrote:

> Sorry, I forgot to add the mailing list to the recipients
>
> Best,
> Thodoris
>
> On Wed, Oct 18, 2023 at 11:17 PM Aleksandar Lazic wrote:
>
>> Hi Teo.
>>
>> On 2023-10-18 (Wed.) 21:18, Teo Tyrov wrote:
>> > Hello Alex,
>> >
>> > This directive removes only the version, so it is still disclosed that
>> > the nginx server is used. I would be asked to remove the entire header
>> > in my previous company, which as far as I know, is not possible without
>> > external modules.
>>
>> got it.
>>
>> > On Wed, Oct 18, 2023 at 10:05 PM Aleksandar Lazic wrote:
>> >
>> > Hi Teo.
>> >
>> > On 2023-10-18 (Wed.) 20:38, Teo Tyrov wrote:
>> >  > # HG changeset patch
>> >  > # User Theodoros Tyrovouzis
>> >  > # Date 1697653906 -10800
>> >  > #  Wed Oct 18 21:31:46 2023 +0300
>> >  > # Node ID 112e223511c087fac65c7eb99dd88e66b174
>> >  > # Parent  cdda286c0f1b4b10f30d4eb6a63fefb9b8708ecc
>> >  > Add "server_identification" http option that hides server information
>> >  > disclosure in responses
>> >  >
>> >  > In its responses, nginx by default sends a "Server" header which
>> >  > contains "nginx" and the nginx version. Most production systems would
>> >  > want this information hidden, as it is technical information disclosure
>> >  > (https://portswigger.net/web-security/information-disclosure). nginx
>> >  > does provide the option "server_tokens off;" which hides the version,
>> >  > but in order to get rid of the header, nginx needs to be compiled with
>> >  > the headers_more module, for the option "more_clear_headers". This patch
>> >  > provides an http option for hiding that information, which also hides
>> >  > the server information from the default error responses.
>> >  >
>> >  > An alternative would be to add a new option to server_tokens, e.g.
>> >  > "incognito".
>> >
>> > What's wrong with this directive?
>> >
>> > http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
>> >
>> > [snip]
>> >
>> > Regards
>> > Alex
>> >
>>
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
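
Added example, not part of any message in this thread and not nginx code: a small audit of what a response still reveals in the three configurations the quoted commit message distinguishes (defaults, `server_tokens off;`, and the `Server` header cleared while the built-in error page is left alone). The function names `level`, `audit` and `sample`, the responses in `SAMPLES` and the version `1.2.3` are constructed for illustration.

```python
import re
from email.parser import BytesParser

# Footer line of nginx's built-in error pages: "nginx" or "nginx/<version>".
FOOTER = re.compile(rb"<hr><center>(nginx(?:/[\d.]+)?)</center>", re.I)


def level(value):
    """Classify a product token: 'absent', 'product' (name only) or 'version'."""
    if not value:
        return "absent"
    return "version" if re.search(r"/\d", value) else "product"


def audit(raw):
    """Report what one raw HTTP response reveals about the server software."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    footer = FOOTER.search(body)
    return {
        "status": int(status_line.split()[1]),
        "header": level(headers.get("Server")),
        "error_page": level(footer.group(1).decode() if footer else None),
    }


def sample(server, footer):
    """Build a constructed 404 response (placeholder version 1.2.3)."""
    lines = [b"HTTP/1.1 404 Not Found", b"Content-Type: text/html"]
    if server:
        lines.append(b"Server: " + server)
    page = b"<html><body><center><h1>404 Not Found</h1></center>"
    page += b"<hr><center>" + footer + b"</center></body></html>"
    return b"\r\n".join(lines) + b"\r\n\r\n" + page


# Constructed responses, one per configuration discussed in the thread.
SAMPLES = {
    "defaults": sample(b"nginx/1.2.3", b"nginx/1.2.3"),
    "server_tokens off": sample(b"nginx", b"nginx"),
    "header cleared only": sample(None, b"nginx"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw))
```

The third sample shows why clearing the header alone is not enough for the goal stated in the commit message: the error page footer still names the product.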


Re: announcing freenginx.org

2024-02-15 Thread Antoine Bonavita
Maxim,

Thanks for the amazing work and your dedication all those years.

Will definitely follow freenginx and use it as my webserver of choice.

A.


On Thu, Feb 15, 2024 at 9:49 AM Archimedes Gaviola <
archimedes.gavi...@gmail.com> wrote:

>
>
> On Thu, Feb 15, 2024 at 2:03 AM Maxim Dounin wrote:
>
>> Hello!
>>
>> As you probably know, F5 closed Moscow office in 2022, and I no
>> longer work for F5 since then.  Still, we’ve reached an agreement
>> that I will maintain my role in nginx development as a volunteer.
>> And for almost two years I was working on improving nginx and
>> making it better for everyone, for free.
>>
>> Unfortunately, some new non-technical management at F5 recently
>> decided that they know better how to run open source projects.  In
>> particular, they decided to interfere with security policy nginx
>> uses for years, ignoring both the policy and developers’ position.
>>
>> That’s quite understandable: they own the project, and can do
>> anything with it, including doing marketing-motivated actions,
>> ignoring developers’ position and community.  Still, this
>> contradicts our agreement.  And, more importantly, I am no longer able
>> to control which changes are made in nginx within F5, and no longer
>> see nginx as a free and open source project developed and
>> maintained for the public good.
>>
>> As such, starting from today, I will no longer participate in nginx
>> development as run by F5.  Instead, I’m starting an alternative
>> project, which is going to be run by developers, and not corporate
>> entities:
>>
>> http://freenginx.org/
>>
>> The goal is to keep nginx development free from arbitrary corporate
>> actions.  Help and contributions are welcome.  Hope it will be
>> beneficial for everyone.
>>
>>
>> --
>> Maxim Dounin
>> http://freenginx.org/
>
>
> Hi Maxim,
>
> Sorry to hear that. Is the license still the same for freenginx?
>
> Thanks,
> Archimedes