Re: Patch: slash_redirect_temporary directive

2019-08-31 Thread Constantine A. Murenin
If you don't like 301 redirects because permanent caching — can't blame you there, as I'm in same boat — an easier way would be to simply use what I call the exception handling mechanism of nginx to change all 301 replies to 302, and you don't need any patches to perform such a change, as a simple

Patch: tests for slash_redirect_temporary

2019-08-31 Thread Blake Williams
# HG changeset patch # User Blake Williams # Date 1567294312 -36000 # Sun Sep 01 09:31:52 2019 +1000 # Node ID 9cdf1baf51d3b2ae8fb0d80d10148ba9605d1799 # Parent 44ce08f5259f034c102b7f99b37c423de848c75a Tests: added slash_redirect_temporary diff -r 44ce08f5259f -r 9cdf1baf51d3

Patch: slash_redirect_temporary directive

2019-08-31 Thread Blake Williams
Hello! We ran into an issue where with the permanent redirects in ngx_http_static_module.c that occur when you omit a slash when requesting a folder, for example from "/foo" to the folder "/foo/". We changed some things around in our site so that "/foo" was actually a file, not a folder, but

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread J. Lewis Muir
On 08/31, Francis Daly wrote: > On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote: > > On 08/31, Francis Daly wrote: > > Hi there, > > > > * starts with /my-app/current/ -> reject > > > * starts with /my-app/releases/ -> reject > > Actually -- those two "rejects" should not be

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread Francis Daly
On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote: > On 08/31, Francis Daly wrote: Hi there, > > * starts with /my-app/current/ -> reject > > * starts with /my-app/releases/ -> reject Actually -- those two "rejects" should not be needed. The app probably should not be installed

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread lists
Nginx does detect these traversal attacks. They come up as a 400 error. I got two yesterday. But out of paranoia, I wouldn't leave the web root. There is always some zero day. That traversal attack was from some new to me Hong Kong hosting company and earned a place on my firewall block.

Re: Is there a limitation in nginx on the number of simultaneous via proxy_pass

2019-08-31 Thread glareboa
Hung Nguyen: No, it’s browser limitation You're right, this is a browser limitation Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285362,285494#msg-285494 ___ nginx mailing list nginx@nginx.org

Re: Количество одновременно ипользуемых proxy pass в в нескольких location

2019-08-31 Thread glareboa
Да, вы правы. Попробовал сделать так. Часть location оставил с использованием rewrite, а 6 location с использованием proxy_pass. Результат впечатлил. :-) Видеопотоки отобразились в 6 соединениях. Видеопотоки, которые должны были идти через rewrite (в обход nginx) не отобразились. Браузер,

Re: [PATCH] Upstream keepalive: keepalive_pool_key directive.

2019-08-31 Thread Maxim Dounin
Hello! On Fri, Aug 30, 2019 at 12:43:40PM -0700, Thibault Charbonnier wrote: > # HG changeset patch > # User Thibault Charbonnier > # Date 1567193727 25200 > # Fri Aug 30 12:35:27 2019 -0700 > # Node ID 40abd582aafbd22c2435afed5fd3311333ca99bd > # Parent

Re: Potential bug in ngx_event.c

2019-08-31 Thread Maxim Dounin
Hello! On Fri, Aug 30, 2019 at 06:26:57PM -0700, Rian Hunter wrote: > On 2019-08-30 07:19, Maxim Dounin wrote: > > Hello! > > > > On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote: > > > >> While browsing the source I noticed something that seemed wrong, even > >> though I haven't

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread J. Lewis Muir
On 08/30, Ian Hobson wrote: > Hi Lewis, > > On 30/08/19 18:33, J. Lewis Muir wrote: > > Hello! > > > > I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that > > uses a deployment structure which uses an atomic symlink change for an > > atomic app deploy, and I'm wishing to be

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread J. Lewis Muir
On 08/31, Francis Daly wrote: > On Sat, Aug 31, 2019 at 12:21:40AM +0100, Francis Daly wrote: > > Hi there, > > A few further thoughts here... > > > It sounds like your desires are for requests: > > > > * starts with /my-app/current/ -> reject > > * starts with /my-app/releases/ -> reject >

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread Ian Hobson
Hi Mark, On 30/08/19 22:23, lists wrote: I've been following this thread not really out of need but rather that it is really interesting. That said, I don't think for security you want to "escape" the web root. The risk is that might aid a traversal attack. I am curious to know how this

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread J. Lewis Muir
On 08/31, Francis Daly wrote: > On Fri, Aug 30, 2019 at 04:59:36PM -0500, J. Lewis Muir wrote: > > Hi there, > > > I was wishing for a way to specify a new root but with a modified > > request URI. So, I tried the alias directive, and I assumed that > > $document_root and $realpath_root would

Re: nginx полностью загружает весь процессор при reload'e

2019-08-31 Thread Dmitry Sergeev
Добрый день! Спасибо за ответ. Конфиг полный, просто сократил количетсво виртуальных хостов, так как они одинаковые. ssl_session_cache - действительно не настроено. ssl_dhparam - аналогично. сертификат один общий для всех, сгенерировал его для wildcard домена от let's encrypt (Signature

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-31 Thread Francis Daly
On Sat, Aug 31, 2019 at 12:21:40AM +0100, Francis Daly wrote: Hi there, A few further thoughts here... > It sounds like your desires are for requests: > > * starts with /my-app/current/ -> reject > * starts with /my-app/releases/ -> reject > * matches /my-app/something.php, or