If you don't like 301 redirects because permanent caching — can't blame you
there, as I'm in same boat — an easier way would be to simply use what I
call the exception handling mechanism of nginx to change all 301 replies to
302, and you don't need any patches to perform such a change, as a simple
# HG changeset patch
# User Blake Williams
# Date 1567294312 -36000
# Sun Sep 01 09:31:52 2019 +1000
# Node ID 9cdf1baf51d3b2ae8fb0d80d10148ba9605d1799
# Parent 44ce08f5259f034c102b7f99b37c423de848c75a
Tests: added slash_redirect_temporary
diff -r 44ce08f5259f -r 9cdf1baf51d3
Hello!
We ran into an issue where with the permanent redirects in
ngx_http_static_module.c that occur when you omit a slash when requesting a
folder, for example from "/foo" to the folder "/foo/". We changed some things
around in our site so that "/foo" was actually a file, not a folder, but
On 08/31, Francis Daly wrote:
> On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote:
> > On 08/31, Francis Daly wrote:
>
> Hi there,
>
> > > * starts with /my-app/current/ -> reject
> > > * starts with /my-app/releases/ -> reject
>
> Actually -- those two "rejects" should not be
On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote:
> On 08/31, Francis Daly wrote:
Hi there,
> > * starts with /my-app/current/ -> reject
> > * starts with /my-app/releases/ -> reject
Actually -- those two "rejects" should not be needed.
The app probably should not be installed
Nginx does detect these traversal attacks. They come up as a 400 error. I got
two yesterday. But out of paranoia, I wouldn't leave the web root. There is
always some zero day.
That traversal attack was from some new to me Hong Kong hosting company and
earned a place on my firewall block.
Hung Nguyen: No, it’s browser limitation
You're right, this is a browser limitation
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,285362,285494#msg-285494
___
nginx mailing list
nginx@nginx.org
Да, вы правы.
Попробовал сделать так.
Часть location оставил с использованием rewrite, а 6 location с
использованием proxy_pass.
Результат впечатлил. :-)
Видеопотоки отобразились в 6 соединениях. Видеопотоки, которые должны были
идти через rewrite (в обход nginx) не отобразились. Браузер,
Hello!
On Fri, Aug 30, 2019 at 12:43:40PM -0700, Thibault Charbonnier wrote:
> # HG changeset patch
> # User Thibault Charbonnier
> # Date 1567193727 25200
> # Fri Aug 30 12:35:27 2019 -0700
> # Node ID 40abd582aafbd22c2435afed5fd3311333ca99bd
> # Parent
Hello!
On Fri, Aug 30, 2019 at 06:26:57PM -0700, Rian Hunter wrote:
> On 2019-08-30 07:19, Maxim Dounin wrote:
> > Hello!
> >
> > On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote:
> >
> >> While browsing the source I noticed something that seemed wrong, even
> >> though I haven't
On 08/30, Ian Hobson wrote:
> Hi Lewis,
>
> On 30/08/19 18:33, J. Lewis Muir wrote:
> > Hello!
> >
> > I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that
> > uses a deployment structure which uses an atomic symlink change for an
> > atomic app deploy, and I'm wishing to be
On 08/31, Francis Daly wrote:
> On Sat, Aug 31, 2019 at 12:21:40AM +0100, Francis Daly wrote:
>
> Hi there,
>
> A few further thoughts here...
>
> > It sounds like your desires are for requests:
> >
> > * starts with /my-app/current/ -> reject
> > * starts with /my-app/releases/ -> reject
>
Hi Mark,
On 30/08/19 22:23, lists wrote:
I've been following this thread not really out of need but rather that it is really
interesting. That said, I don't think for security you want to "escape" the web
root. The risk is that might aid a traversal attack.
I am curious to know how this
On 08/31, Francis Daly wrote:
> On Fri, Aug 30, 2019 at 04:59:36PM -0500, J. Lewis Muir wrote:
>
> Hi there,
>
> > I was wishing for a way to specify a new root but with a modified
> > request URI. So, I tried the alias directive, and I assumed that
> > $document_root and $realpath_root would
Добрый день!
Спасибо за ответ.
Конфиг полный, просто сократил количетсво виртуальных хостов, так как они
одинаковые.
ssl_session_cache - действительно не настроено.
ssl_dhparam - аналогично.
сертификат один общий для всех, сгенерировал его для wildcard домена от let's
encrypt (Signature
On Sat, Aug 31, 2019 at 12:21:40AM +0100, Francis Daly wrote:
Hi there,
A few further thoughts here...
> It sounds like your desires are for requests:
>
> * starts with /my-app/current/ -> reject
> * starts with /my-app/releases/ -> reject
> * matches /my-app/something.php, or
16 matches
Mail list logo