On 18/10/19 9:47 pm, J. Lewis Muir wrote:
And in your example, you were doing a return inside an "if" which is
noted as being safe in a location context.
Phew! Thank you for the advice.
P.V.Anthony
___
nginx mailing list
nginx@nginx.org
On 18/10/19 2:59 pm, Patrick wrote:
The `if' part should be fine. The problem would be someone crafting a
URL that skips past the `=' check and yet is still parsed as `id=2' by
the underlying app.
Can the underlying old app also be changed to log an attack, and throw a
444 when it gets an `id'
Please disregard or delete this post. The problem was with my setup. It
works fine. Thanks.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,285923,285941#msg-285941
___
nginx mailing list
nginx@nginx.org
details: https://hg.nginx.org/njs/rev/5f192dbb694e
branches:
changeset: 1188:5f192dbb694e
user: Dmitry Volyntsev
date: Fri Oct 18 16:34:50 2019 +0300
description:
Querying global object when variable cannot be resolved.
diffstat:
src/njs_disassembler.c | 2 +
details: https://hg.nginx.org/njs/rev/c86310ffb38a
branches:
changeset: 1189:c86310ffb38a
user: Dmitry Volyntsev
date: Fri Oct 18 16:38:55 2019 +0300
description:
Moving global functions to global object.
This closes #132 issue on Github.
diffstat:
src/njs_builtin.c |
details: https://hg.nginx.org/njs/rev/10c10102cad0
branches:
changeset: 1187:10c10102cad0
user: Dmitry Volyntsev
date: Fri Oct 18 16:28:16 2019 +0300
description:
Avoiding OBJECT COPY instruction each time global object accessed.
diffstat:
src/njs_builtin.c | 8 +++-
On 10/18, P.V.Anthony wrote:
> On 18/10/19 5:26 am, Jeff Dyke wrote:
> > I know this is not an answer to your question, but it begs another,
> > mainly due to the if statement. How many of these are you going to
> > have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
> >
> >
> I'm not a big fan of the location that sets the 418 error_page to the
> @foo_front_controller named location, but I don't know of any other way
> to essentially do a "return @foo_front_controller". Is there a better
> way?
Use "try_files" instead with a filename that will never exist (i.e.
details: https://hg.nginx.org/njs/rev/ed4472f545a1
branches:
changeset: 1186:ed4472f545a1
user: Artem S. Povalyukhin
date: Sat Aug 24 05:41:46 2019 +0300
description:
Fixed "caller" and "arguments" properties of a function instance.
This closes #209 issue on Github.
diffstat:
Hi Lewis,
>
> Are you serving over HTTPS?
>
Yes, all content over HTTPS
> Can you create an MCVE (minimal, complete, and verifiable example) for
> a
> ".txt" file over HTTP? For a ".txt" file over HTTPS? For a ".ivp"
> file
> over HTTP? For a ".ivp" file over HTTPS?
>
Sorry, I don't know
On 2019-10-18 13:57, P.V.Anthony wrote:
> Like netsec and using "if" in the config.
The `if' part should be fine. The problem would be someone crafting a
URL that skips past the `=' check and yet is still parsed as `id=2' by
the underlying app.
Can the underlying old app also be changed to log
11 matches
Mail list logo