In ngx_http_lingering_close_handler
and ngx_http_discarded_request_body_handler, there's risk
that r-lingering_time is smaller than ngx_time(), then comparing timer
which is a unsigned value with zero will never return true. This can cause
long time connection for some kind of requests (For
Приветствую!
По поводу вчерашнего сообщения о потенциальной уязвимости в
nginx[*]: мы знаем об этом анонсе и работаем над анализом проблемы.
Результаты этого анализа сообщим отдельно.
* http://www.securityfocus.com/archive/1/526439/30/0/threaded
--
Maxim Konovalov
+7 (910) 4293178
Максим, спасибо за ответ. Вы оказались близки к правде. На самом деле имя
subdomen2 было зарезервировано для дочернего неймсервера site.com и
перенаправление происходило на уровне браузера, не доходя до собственно
nginx'a.
Так что мораль, проверяйте и еще раз проверяйте, даже если доверяете :)
Ok. So the upstream block has to be in the nginx.conf. I thought I
could
this one export to a separate file, too.
yes, you can (include your upstream-config and any other part).
you just need to place it into the right context, e.g. inside
a http { ... } - block and not inside a server { ...
Yup http://ngxpagespeed.com/ isn't accessible at all from my end either.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,238650,238656#msg-238656
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
On behalf of the nginx team I want to let the community know that we
are aware of the recent security announce[*] and working on the
issue. We will share our conclusion when get more details about its
nature and impact.
* http://www.securityfocus.com/archive/1/526439/30/0/threaded
--
It seems that they don't know the meaning of responsible disclosure. They
should have given you some time
before going public. Unfortunately there are plenty of drama queens in the
IT security field.
All responsible disclosure be gone, for I want to have the attribution:
first post is all that
Cfr. http://www.securityfocus.com/archive/1/526439/30/0/threaded
Is 1.4.x release affected?
Thanks,
d.
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi!
Cfr. http://www.securityfocus.com/archive/1/526439/30/0/threaded
Is 1.4.x release affected?
I guess. Please see the recent nginx security issue announce thread.
Cheers,
Lukas
___
nginx mailing list
On Apr 26, 2013, at 4:12 PM, Lukas Tribus wrote:
Hi!
Cfr. http://www.securityfocus.com/archive/1/526439/30/0/threaded
Is 1.4.x release affected?
I guess. Please see the recent nginx security issue announce thread.
We are still investigating. So far we can't confirm it's a full
Hi,
I've been looking on Internet about this but seems all the examples
available are for a proxy conf or fcgi conf. Not both.
This is my scenario: I have three servers. The first one run only nginx
(and it should be the entry point for my websites) and the other two
servers run django
Hello, I'm desparately trying to compile the latest nginx with the latest
OpenSSL.
In short I'm grabbing the latest nginx tar.gz (1.4.0 but had the same
problem with 1.3.16) and the latest OpenSSL tar.gz (1.0.1e but have the same
problem with 1.0.1d) extract them and want to compile them.
Hello guys!
I am excited to announce that the new development version of
ngx_openresty, 1.2.8.1, is now released:
http://openresty.org/#Download
Special thanks go to all our contributors and users for helping make
this release happen!
Below is the complete change log for this release, as
13 matches
Mail list logo